HCA Healthcare revealed Monday that approximately 11 million patients have been affected by what is considered the largest data breach ever reported by a healthcare provider.
The hospital giant said hackers stole data from an external storage location used to automate emails and then posted the data to an online forum.
HCA, based in Tennessee, operates more than 180 hospitals. The provider said the compromised information includes patients’ names, email addresses and service locations, though it does not believe it includes clinical or payment information.
Affected hospitals and doctors’ offices span 20 states, including many in Texas.
HCA Healthcare reported the event to law enforcement and retained thirdparty forensic and threat intelligence advisors. While the investigation is ongoing, the company has not identified evidence of any malicious activity on HCA Healthcare networks or systems related to this incident.
HCA disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations, and will offer credit monitoring and identity protection services, where appropriate.