The health system, which includes 180 hospitals and 153 ASCs, reported July 10 an unauthorized party posted patient data to an online forum. The posted data includes patient names, emails, phone numbers, birth dates, service date, location and zip code.
Patients’ credit card, Social Security numbers and diagnoses were not breached.
According to HCA, the information was taken from an external storage location used to automate formatting of email messages and the incident did not disrupt patient care. The company doesn’t believe the incident will materially impact its business, operations or financial results.
HCA disabled user access to the storage location and plans to contact the 11 million patients affected to provide additional information and support.
