HCA Healthcare patient data stolen and sold by hackers

The personal information of tens of millions of HCA healthcare patients has been stolen and is now available for sale on a data breach forum from earlier this week.

HCA, one of the largest corporations in the US, acknowledged the hack earlier today. In a statement, it warned patients that critical personal information had been compromised, including their full name, city, and when and where they last saw their provider.

Shares of the healthcare giant closed up more than 1.4% in Monday’s trading, unchanged hours later.

The provider claimed that no clinical information was disclosed.

But DataBreaches.net reported Monday that the unnamed hacking group provided them with a sample set of data on a patient’s assessment of “low-risk” lung cancer, which would appear to undermine HCA’s assessment that no protected health material or information had been breached. .

The breakthrough affects patients in nearly two dozen states, including patients at dozens of facilities in Florida and Texas. The data sale was reported on Twitter by Brett Callow, an analyst with New Zealand-based Emsisoft.

“This may be one of the biggest health care-related abuses of the year and one of the largest ever. However, despite affecting millions of people, it may not be as harmful as other abuses, based on HCA’s statement,” Kalow told CNBC. It appears to have affected diagnoses or other medical information.”

However, the hacker claimed to have “health diagnosis emails that match the customer ID,” Calo noted.

Patient data breaches are not uncommon, but they can vary in scope and impact. The HCA breach did not appear to include critical medical records, and the company said the breached data originated in an “external storage location used exclusively to automate the formatting of emails.”