July 11, 2023 – HCA Healthcare reported that they recently discovered that a list of patient information had been released on the internet by an unknown and unauthorized party. The published information included:
- Patient name, city, state, and zip code
- Patient email, telephone number, date of birth, gender
- Patient service date, location and next appointment date
The list does not include:
- Clinical information, like treatment, diagnosis, or condition
- Payment information, like credit card or account numbers
- Sensitive information, like passwords, driver’s license or social security numbers
According to the release, this information was likely stolen from an external storage location exclusively used to automate the formatting of email messages. The incident was reported to law enforcement, but it hasn’t caused any disruption to the day-to-day operations of HCA Healthcare.