HCA Healthcare Data Breach Investigation

The Lyon Firm is investigating a potential data theft incident involving HCA Healthcare patients across the country. Contact the firm for a free consultation.

HCA Healthcare, the largest health system in the country, operating more than 180 hospitals and 2,300 healthcare sites, announced that an unauthorized individual obtained the protected health information of millions of patients.

HCA Healthcare confirmed an incident involving data theft from an external location. The Nashville, Tennessee-based entity has acknowledged that the personal data of around 11 million patients may be for sale on the dark web. The information in the data lists may include the following:

  • Name
  • Address
  • Email address
  • Phone number
  • Date of birth
  • Gender
  • Date of service
  • Location of service
  • Next appointment date

HCA Healthcare Breach: What Happened?

The blog Databreaches.net reported on July 5th that HCA patient data had been posted for sale on a hacker forum and that HCA had been approached with an extortion demand.

In July 2023, HCA Healthcare announced that hackers had gained access to an external storage location that was used to format patient appointments and emails. The compromised data allegedly related to individuals who received healthcare services in Alaska, California, Colorado, Florida, Georgia, Idaho, Indiana, Kansas, Kentucky, Louisiana, Missouri, Mississippi, Nevada, New Hampshire, North Carolina, South Carolina, Tennessee, Texas, Utah, and Virginia.

Individuals who received care at a hospital or physician’s office that HCA Healthcare operates could be included in the compromised data. If the data breach impacted nearly 11 million patients as reported, it would be the largest healthcare IT security incident so far this year.

The Lyon Firm has experience representing plaintiffs nationwide in class action privacy lawsuits and healthcare data breach cases. Contact the firm for more information.