HCA Healthcare, one of the largest healthcare organizations in the United States, was the victim of a cyber attack that stole sensitive patient information from millions of users.
A report from CNBC claims the database is now up for sale on a dark web forum, with the data appearing to include patients’ names, places of residence and where they last visited. The company confirmed being a victim of the attack but added that the hackers, whose identity is currently unknown, did not steal any clinical information.
Not everyone agrees with this assessment, however, as reporters from DataBreaches.net claim to have received a sample containing data on a patient’s “Lung Cancer Low Risk Score”.
tens of millions of victims
The death toll is estimated in the “tens of millions” and includes residents of nearly two dozen states, including Florida and Texas.
Emsisoft cybersecurity researcher Brett Callow found the database and argued that this is “possibly one of the biggest public health breaches of the year and one of the biggest of all time”.
“Although it affects millions of people, it may not be as damaging as other violations because, according to the HCA statement, it appears to have had no impact on diagnoses or other medical information,” Callow told CNBC. “However, the hacker claimed to have ‘health diagnosis emails matching a client ID.'”
HCA Healthcare is an American for-profit healthcare facility operator. The company was founded in 1968 and is based in Nashville, Tennessee.
The company operates more than 180 hospitals across the country and around 2,000 care facilities. This includes surgical centers, freestanding emergency rooms, urgent care centers and physician offices in 21 states. It also has offices in the UK.
