HCA Healthcare, Inc.’s negligence is to blame for a July 2023 data breach that compromised personal and health information of 11 million patients.
A lawsuit was recently filed against HCA Healthcare alleging that its failure to comply with prescribed industry standard data security measures allowed hackers to breach its security and steal the personal and private information of 11 million patients.
HCA Healthcare, based in Nashville Tennessee, operates 180 hospitals and approximately 2,300 ambulatory sites of care, including surgery centers, freestanding ERs, urgent care centers, and physician clinics, in 20 states and the United Kingdom.
What Information Was Stolen?
The list of personal information, which is now for sale onine ,references current and former patients of hospitals and physician centers owned by the company. The information stolen includes –
- date of birth
- email address
- phone number
- appointment information
HCA Healthcare Was Aware Of Data Risk But Failed To Act
Given the frequency of cyberattacks in the medical sector, HCA Healthcare should have understood that the personal data entrusted to it would be at risk of disclosure, the filing charges, adding that the company “could have prevented this data breach by properly securing and encrypting the files and file servers containing the private information.”
“[HCA Healthcare] was, or should have been, fully aware of the unique type and the significant volume of data on [its] server(s), amounting to millions of individuals’ detailed private information, and, thus, the significant number of individuals who would be harmed by the exposure of the unencrypted data,” the lawsuit contends.
Victims Now Face Lifelong Threat Of Identity Theft And Fraud
The lawsuit alleges the ramifications of HCA Healthcare’s failure to keep secure the private information of its patients are long lasting and severe, “Once private information is stolen, fraudulent use of that information and damage to victims may continue for years.”
HCA Healthcare is currently sending email notices to affected patients, followed by a notification letter via regular mail. While patients may not recognize the HCA Healthcare name, the company says that if you were treated at one of their facilities, your personal data may have been breached.
You can view a list of affected HCA facilities, which includes hospitals, cardiology offices, surgery centers and more, by clicking this link and scrolling down the page until you see the “Affected Facilities” box. Just a few of the larger facilities believed to have been affected include:
- Methodist Hospital (TX)
- Mission Hospital – Asheville (NC)
- Medical City Dallas (TX)
- TriStar Centennial Medical Center (TN)
- Johnston-Willis Hospital (VA)
- St. David’s Medical Center (TX)
- Good Samaritan Hospital (CA)
- Swedish Medical Center (CO)
- Wesley Medical Center (KS)
- Sunrise Hospital & Medical Center (NV)
How Can a Lawsuit Help Me?
A lawsuit could help patients recover money for out-of-pocket expenses, as well as lost time dealing with the data breach. It could also force HCA Healthcare to take stronger measures to protect patient data.
The lawsuit seeks to represent anyone in the United States whose personal information was accessed or acquired by an unauthorized party as a result of the data breach that HCA Healthcare reportedly experienced on July 5, 2023.
Tags: cyber attack