One of America’s most prominent healthcare facility owners and operators, HCA Healthcare, confirmed a data breach incident that affects approximately 11 million patients. Based on reports, threat actors leaked samples of the compromised data on a hacking forum.
Most of the affected individuals are the ones who receive care from the organisation’s hospitals and clinics. The affected entity has 182 hospitals and over 2,000 healthcare centres across 21 US and the UK.
A threat actor sells the stolen data from HCA Healthcare.
Earlier this month, an alleged threat actor started selling information allegedly owned by HCA Healthcare on a forum that sold, traded, and leaked stolen information. This forum post contains samples of the stolen database, which the hacker claims include 17 files and about 27 million database records.
In addition, the attackers said that the stolen details were patient records processed between 2021 and 2023. These threat actors initially offered HCA Healthcare a ransom, but the firm allegedly did not contact the attackers. Hence, the attackers offered the database for sale on the dark web. Several threat groups expressed their interest in acquiring the stolen data.
HCA confirmed earlier this week that the leaked data on the hacking forum is legitimate, and the database could impact about 11 million individuals. Additionally, the company explained that the stolen data came from one of the external storage locations they use to format patient email messages.
The cyberattack did not disrupt the services of HCA Healthcare to their patients and communities. The confirmed data from the data leak website are full names, city/state/ZIP codes, email addresses, telephone numbers, dates of birth, gender, service date and location, and subsequent appointment dates.
These details are essential for threat actors in conducting other malicious activities, such as scams and phishing campaigns. Some attackers could also use the information to form a social engineering tactic to make their campaigns more efficient and convincing.
HCA does not believe that the stolen data includes critical information such as banking details and patient health records. However, cybersecurity researchers expect that the stolen data could lead to phishing attacks aimed at affected patients that are in the data exposure.
