Eleven million Americans in twenty states, whose only desire was to take care of their health, now have their data disclosed by the facility they trusted with that data; their hospital.
HCA (Hospital Corporation of America) announced on July 5 that it learned of a data breach. On July 10th, HCA made the public announcement of the « data security incident », and since then millions of HCA patients have received emails informing them very professionally, that their personal data is now probably on the dark web, being traded about like cigarettes in prison (but we really don’t KNOW that part – Ed.).
According to HCA (one of the largest healthcare providers in the United States) the theft occurred from an « offsite storage location ». The stolen data includes full names, full physical and email addresses, phone numbers, date of birth, gender, location and dates of service, and date of next appointment. Hey, at least they haven’t received any HIPAA-protected health information — or at least HCA right now believes the theft did not include any clinical information.
Since the announcement and emails, HCA Healthcare has filed at least four class action lawsuits against them. This might be a small condolence for those who realize that Kim Jong Un is reading all about their erectile dysfunction for laughs over his breakfast cereal. Seriously, this information can pose a serious risk to patients whose demographics make them prime targets for phishing and phone scams.
A deeper exploration can be read on Bleeping Computerand many other national news outlets also have some coverage.