HCA Healthcare Provides Substitute Notice to Certain Patients about a Previously Disclosed Data Security Incident
- HCA Healthcare takes immediate action to contain the data security incident and provides identity protection services for affected individuals, demonstrating a commitment to addressing the issue and protecting patient privacy.
- None.
As previously reported, on or around July 5, 2023, HCA Healthcare discovered that a list of certain information with respect to some of its patients was made available on an online platform by an unauthorized party. The information was obtained by the unauthorized party in late June in what appears to be a theft from an external storage location exclusively used to automate the formatting of email messages, such as reminders that patients may wish to schedule an appointment and education on healthcare programs and services. This incident caused no disruption to the care and services HCA Healthcare affiliates provide to patients and communities.
The exposed files contained patient name, city, state, zip code, email, telephone number, date of birth, gender, service date, location and, in some instances, the date of next appointment. The exposed personal information does not include clinical information, such as treatment, diagnosis, or condition; or payment information, such as credit card or account numbers; or other sensitive information, such as passwords, government-issued ID numbers, or social security numbers.
HCA Healthcare disabled user access to the aforementioned storage location as an immediate containment measure. HCA Healthcare also reported this event to law enforcement, retained third-party forensic and threat intelligence advisors to investigate the incident, and secured complimentary credit and identity protection services for affected individuals.
HCA Healthcare cares deeply about the patients it serves and takes this incident very seriously. Patients are encouraged to be vigilant against identity theft and fraud by reviewing account statements, monitoring any available credit reports for unauthorized or suspicious activity, and taking care in response to any email, telephone or other contacts that ask for personal or sensitive information (e.g., phishing). HCA Healthcare will never request sensitive information by phone or email and encourages patients to remain vigilant in identifying calls, emails or SMS texts which appear to be spam or fraudulent. Additionally, HCA Healthcare is providing complimentary credit monitoring and identity protection services to affected individuals for 2 years via IDX. Information regarding these services and enrollment instructions are included in the notification letters which are being mailed to impacted individuals, in addition to this press release.
HCA Healthcare has also established a dedicated toll-free call center to support individuals with questions about the incident. The call center can be reached at 1-888-993-0010, Monday to Friday from 8 am – 8 pm Central Time, excluding major
All references to "HCA Healthcare" as used throughout this document refer to HCA Healthcare and its affiliates.
View original content:https://www.prnewswire.com/news-releases/hca-healthcare-provides-substitute-notice-to-certain-patients-about-a-previously-disclosed-data-security-incident-301899374.html
SOURCE HCA Healthcare
FAQ
What is the impact of the data security incident on HCA Healthcare (NYSE: HCA) patients?
What kind of patient information was exposed in the data security incident at HCA Healthcare (NYSE: HCA)?