A data breach affecting roughly 11 million people was announced on Monday by HCA Healthcare Inc., the parent company of Medical City Healthcare in Dallas-Fort Worth.
HCA discovered a list of information posted to an online forum, including 27 million rows of information stolen in the data breach, per Community Impact.
The information on the forum includes “Patient name, city, state, and zip code; Patient email, telephone number, date of birth, gender; and Patient service date, location and next appointment date,” per a news release from HCA Healthcare.
No further information was discovered on the forum. It did not contain anything regarding “Clinical information, such as treatment, diagnosis, or condition; Payment information, such as credit card or account numbers; Sensitive information, such as passwords, driver’s license or social security numbers,” the release claimed.
The names on the list have been confirmed to be patients and clients of the company. More sensitive medical information was apparently not stolen because the theft appeared to be from “an external storage location exclusively used to automate the formatting of email messages.”
Security consultant Andrew Sternke said it was a good sign that the more sensitive information was not breached, but he cautioned that hackers could still utilize the data published on the forum.
“Patients’ names, their location, telephone number, date of birth and gender … that gives all the information … used to steal identities,” said Sternke, per CBS News.
After learning about the incident, HCA said it took multiple steps to contain the breach and inform those affected.
“The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations, and will offer credit monitoring and identity protection services, where appropriate,” stated HCA in the news release.
The company stated it has “retained third-party forensic and threat intelligence advisors,” and law enforcement has already been contacted.
Medical City Healthcare is one of the largest healthcare providers in North Texas, with 16 hospitals, four off-campus emergency rooms, and 12 ambulatory surgery centers. The company employs 17,000 staff members and 5,000 active physicians in the Dallas-Fort Worth Area.
A full list of affected locations can be found on the HCA website.