HCA Healthcare suffers a data breach affecting 11 million patients - What to know

  This story from CBS News July 11, 2023.

Hospital and clinic operator HCA Healthcare suffered a major attack risking the data of 11 million patients. 

 The stolen data includes names, addresses, contact information, appointments, and others.

 HCA learned of the breach July 5, 2023. One of the largest breaches in history.

 HCA should be contacting affected patients.

 HCA asks patients to contact them before paying any invoices. The CBS article lists the HCA contact information as 844-608-1803. Please use your information from verified resources to contact HCA Healthcare.

 With the scope and numbers of this data breach, expect increased phishing, identity theft, and focused attacks.

 St. David's is a HCA facility. You should check on your providers.

The notice HCA Healthcare is sending to affected customers:

On Monday, July 10, 2023, we announced that a list of certain information with respect to some of our patients was made available by an unknown and unauthorized party on an online forum. The list includes: patient name, city, state, and zip code; patient email, telephone number, date of birth, gender; and patient service date, location and next appointment date. Importantly, the list does not include: clinical information, such as treatment, diagnosis, or condition; payment information, such as credit card or account numbers; sensitive information, such as passwords, driver’s license or social security numbers. Additional information about the data security incident can be found at hcahealthcare.com/privacyupdate. We remain committed to protecting the personal information that is entrusted to us. Because patient contact information was involved in this incident, we encourage you to remain vigilant about any suspicious or unexpected communications from an unfamiliar source or from anyone claiming to be affiliated with HCA Healthcare. You can call us at 888-993-0010. Representatives will be available to provide assistance Monday through Friday, 8 am – 8 pm Central Time beginning Monday, July 17. Specifically, if you receive any communication regarding an invoice, outstanding balance, or payment reminder that you were not expecting or believe to be fraudulent, please contact us so that we can confirm the legitimacy of the message. We are working as quickly as possible to identify and contact patients whose data was impacted by this data security incident. Those individuals can expect to receive a mailed notification letter in the coming weeks and will be offered complimentary credit monitoring and identity protection services. We appreciate your patience as we continue to work through this event. Sincerely, Kathi Whalen SVP and Chief Ethics and Compliance Officer HCA Healthcare