The health system, which includes 180 hospitals and 153 ASCs, reported July 10 an unauthorized party posted patient data to an online forum. The posted data includes patient names, emails, phone numbers, birth dates, service date, location and zip code.
Patients’ credit card, Social Security numbers and diagnoses were not breached.
According to HCA, the information was taken from an external storage location used to automate formatting of email messages and the incident did not disrupt patient care. The company doesn’t believe the incident will materially impact its business, operations or financial results.
HCA disabled user access to the storage location and plans to contact the 11 million patients affected to provide additional information and support.
At the Becker's 23rd Annual Spine, Orthopedic and Pain Management-Driven ASC + The Future of Spine Conference, taking place June 11-13 in Chicago, spine surgeons, orthopedic leaders and ASC executives will come together to explore minimally invasive techniques, ASC growth strategies and innovations shaping the future of outpatient spine care. Apply for complimentary registration now.
