HCA Healthcare Reports Data Security Incident
- Patient name, city, state, and zip code;
- Patient email, telephone number, date of birth, gender; and
- Patient service date, location and next appointment date.
HCA Healthcare has confirmed that the list contains information used for email messages, such as reminders that patients may wish to schedule an appointment and education on healthcare programs and services.
Importantly, the list does not include:
- Clinical information, such as treatment, diagnosis, or condition;
- Payment information, such as credit card or account numbers;
- Sensitive information, such as passwords, driver’s license or social security numbers.
This appears to be a theft from an external storage location exclusively used to automate the formatting of email messages. There has been no disruption to the care and services HCA Healthcare provides to patients and communities. This incident has not caused any disruption to the day-to-day operations of HCA Healthcare. Based on the information known at this time, the company does not believe the incident will materially impact its business, operations or financial results.
HCA Healthcare reported this event to law enforcement and retained third-party forensic and threat intelligence advisors. While our investigation is ongoing, the company has not identified evidence of any malicious activity on HCA Healthcare networks or systems related to this incident. The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations, and will offer credit monitoring and identity protection services, where appropriate.
HCA Healthcare believes the privacy of its patients is a vital part of its mission and remains committed to maintaining the security of their personal information. HCA Healthcare has created a dedicated webpage at hcahealthcare.com/privacyupdate to keep its patients informed.
About HCA Healthcare
Cautionary Note Regarding Forward-Looking Statements
This press release contains forward-looking statements within the meaning of the federal securities laws, which involve risks and uncertainties. Forward-looking statements include all statements that do not relate solely to historical or current facts. Forward-looking statements can be identified by the use of words like “may,” “believe,” “will,” “expect,” “project,” “estimate,” “anticipate,” “plan,” “initiative” or “continue.” These forward-looking statements are based on our current plans and expectations and are subject to a number of known and unknown uncertainties and risks, many of which are beyond our control, which could significantly affect current plans and expectations and our future financial position and results of operations.
The risks and uncertainties in connection with such forward-looking statements related to the cybersecurity incident include, but are not limited to, the occurrence of any event, change or other circumstances relating to the scope of the incident; the nature, type and amount of data accessed; any future operational interruptions; the Company’s ability to assess and remedy the incident; the Company’s steps to minimize unauthorized access into its information systems; incremental expenses associated with the Company’s on-going assessment of the incident; the nature and scope of any claims, litigation or regulatory proceedings that may be brought against the Company or other affected parties as a result of the incident; the availability of insurance coverage; and other legal, reputational and financial risks resulting from this or other cybersecurity incidents and the potential impact of this incident on our revenues, operating expenses, and operating results.
All references to “Company,” “HCA” and “HCA Healthcare” as used throughout this document refer to HCA Healthcare, Inc. and its affiliates.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230710017018/en/
INVESTOR CONTACT:
Frank Morgan
615-344-2688
MEDIA CONTACT:
Harlow Sumerford
615-344-1851
Source: HCA Healthcare