HCA discloses massive data breach affecting 11 million patients

HCA Healthcare revealed Monday that it’s experienced what is likely the largest data breach ever reported by a health care provider, with approximately 11 million patients affected.

The for-profit hospital giant said hackers stole the data from an external storage location that’s used to automate emails and then posted the data to an online forum. Nashville, Tenn.-based HCA, which operates more than 180 hospitals, said the compromised information includes patients’ names, email addresses, and service locations, but the company does not believe it includes clinical or payment information. The list of affected sites includes about 1,400 hospitals and physician offices across 20 states.

HCA did not disclose when the information was stolen, nor what time period it covered. HCA did not respond to a request for comment.

STAT+ Exclusive Story

Already have an account? Log in

This article is exclusive to STAT+ subscribers

Unlock this article — plus daily market-moving biopharma analysis — by subscribing to STAT+.

Already have an account? Log in

Already have an account? Log in

Individual plans

Group plans

Monthly

$39

Totals $468 per year

$39/month Get Started

Totals $468 per year

Starter

$30

for 3 months, then $39/month

$30 for 3 months Get Started

Then $39/month

Annual

$399

Save 15%

$399/year Get Started

Save 15%

11+ Users

Custom

Savings start at 25%!

Request A Quote Request A Quote

Savings start at 25%!

2-10 Users

$300

Annually per user

$300/year Get Started

$300 Annually per user

View All Plans

Get unlimited access to award-winning journalism and exclusive events.

Subscribe

Log In