Personal data from potentially tens of millions of HCA Healthcare patients has been stolen and has been up for sale on a data breach forum since earlier this week.
HCA, one of the largest corporations in the US, is the parent company of HCA Florida and more than a hundred Florida hospitals and clinics are affected by this violation.
Here’s what you need to know about the data hack:
What happened to HCA Healthcare patient data?
HCA Healthcare released a statement Monday, saying an unknown and unauthorized party gained access to patients’ names, addresses, emails, phone numbers and birth dates, as well as the dates and locations of patients’ appointments.
However, HCA said they were not given access to credit cards, bank account numbers or social security numbers.
But DataBreaches.net reported Monday that the unnamed hacking group provided them with a sample dataset on a patient’s lung cancer rating as “low risk,” which appears to undermine the HCA’s assessment that no essential or proprietary health information was breached.
Who is affected by this data breach?
The hack affects patients in nearly two dozen states, including patients at dozens of facilities in Florida and Texas.
The data sale was reported on Twitter by Brett Callow, an analyst at New Zealand company Emsisoft.
“This could be one of the biggest health breaches of the year and one of the biggest of all time. Although it affects millions of people, it may not be as harmful as other violations, HCA says in its statement. It doesn’t appear to affect diagnoses or other medical information,” Callow told CNBC.
Breaches of patient data are not uncommon, but can vary in scale and impact.
HCA’s breach did not appear to involve critical medical records, and the company said the breached data came from an “external location dedicated solely to automating the formatting of email messages.”
What is HCA Healthcare doing about it?
HCA Healthcare will provide credit monitoring and identity protection services to impacted patients.
But in the meantime, they encourage everyone to watch out for spam calls, text messages, or emails.
Which HCA Healthcare locations in South Florida were affected?
Those affected included HCA Florida Aventura Hospital, HCA Florida Kendall Hospital, HCA Florida Mercy Hospital and HCA Florida Miami International Cardiology.
A full list of affected Florida facilities can be found here.