Quick Hits

11M HCA Healthcare Patients Impacted by Data Breach

The hackers posted up for sale stolen HCA Healthcare data on Dark Web forum.

HCA Healthcare, operator of a massive hospital and healthcare services network in the US and UK that serves 35 million medical consumers per year, has announced that it was compromised, leading to the theft of personal data on more than 11 million of its patients.

News of the breach first broke on July 5, when reports emerged of stolen HCA Healthcare data being offered up for sale on a Dark Web hacker forum.

"Data is grouped by division into 17 files totaling to 27,700,000 rows. More data is included in the sale," the threat actors explained on the site, according to reports. "HCA Healthcare have until the 10th to meet the demands."

The post didn't include any specific ransom demands, a report added. On July 10, HCA Healthcare announced the cyberattack.

HCA Healthcare acknowledged that patient data, including names, contact information, dates of birth, appointment details, and more were stolen in the cyberattack. Compromised data did not include any financial information like medical diagnoses or treatments, credit card numbers, passwords, or social security numbers, HCA Healthcare added.

HCA said its investigations are ongoing, and there's no word on who the perpetrators are.

"This appears to be a theft from an external storage location exclusively used to automate the formatting of email messages," HCA said in its announcement of the data breach. "There has been no disruption to the care and services HCA Healthcare provides to patients and communities."

Editors' Choice
Evan Schuman, Contributing Writer, Dark Reading
Tara Seals, Managing Editor, News, Dark Reading
Jeffrey Schwartz, Contributing Writer, Dark Reading