HCA Healthcare patient data were stolen

As of this week, a data breach forum is selling personal data for possibly tens of millions of HCA Healthcare patients.

[{"selector":"#anim-2fe3fa1f-4f3a-4d80-b261-58c2c46c8a24","keyframes":{"opacity":[0,1]},"delay":100,"duration":1700,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-5866b4ca-c724-4887-b67c-5ebba4df18ff","keyframes":{"opacity":[0,1]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-d9177b57-faef-485f-a60e-9be3d6871ad9","keyframes":{"transform":["translate3d(0px, 195.69566%, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

HCA, one of the top U.S. firms, announced the breach today. It informed patients that their full names, cities, and last physician visits had been compromised in a release.

[{"selector":"#anim-8001a935-d244-4409-aec4-fe79d3783953","keyframes":{"opacity":[0,1]},"delay":100,"duration":1700,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-28ac3df6-2b0f-4a41-9eec-03a0fb10766e","keyframes":{"opacity":[0,1]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ea182ca0-e827-4c22-9a92-4c0a1a0d23d7","keyframes":{"transform":["translate3d(0px, 146.98414%, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

Healthcare major shares rose 1.4% on Monday and were steady after hours. The provider denied disclosing clinical data.

[{"selector":"#anim-02a735ec-b5ee-47e0-a71e-707f512d0644","keyframes":{"opacity":[0,1]},"delay":100,"duration":1700,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-af31f6c2-8613-4f3e-a235-f801e73ed7ba","keyframes":{"opacity":[0,1]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-94d619a1-eefa-4fe6-ab63-e1e9148097a5","keyframes":{"transform":["translate3d(0px, 174.98109%, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

DataBreaches.net stated Monday that the unknown hacking organization sent them a sample set of data about a patient's "low-risk" lung cancer assessment.

[{"selector":"#anim-20c2db70-c844-44db-ad1a-49c714ca58bd","keyframes":{"opacity":[0,1]},"delay":100,"duration":1700,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-f64f40f6-41f0-4088-bd97-76fd3eeb7e0c","keyframes":{"opacity":[0,1]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-9fc730b9-0b20-4e66-af56-a78e46b343a2","keyframes":{"transform":["translate3d(0px, 146.98414%, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

Which contradicts HCA's claim that no substantial or protected health information was accessed.

[{"selector":"#anim-186d44c0-d986-4298-9bde-19fbdf8f4ca2","keyframes":{"opacity":[0,1]},"delay":100,"duration":1700,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-90a9f988-7312-4cd9-86d3-f46eaa36e04c","keyframes":{"opacity":[0,1]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-41328664-63e0-4805-8521-00fe8e5e127c","keyframes":{"transform":["translate3d(0px, 202.53721%, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

Patients in over two dozen states, including dozens of Florida and Texas clinics, were hacked.

[{"selector":"#anim-9e1f7f2e-3eec-4f64-bd2c-550788b48600","keyframes":{"opacity":[0,1]},"delay":100,"duration":1700,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-21fa3230-6903-470a-9d4a-0cd82b400b1d","keyframes":{"opacity":[0,1]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-935061f9-0c09-483e-b921-ba3a4cd458c4","keyframes":{"transform":["translate3d(0px, 202.53721%, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

New Zealand-based Emsisoft analyst Brett Callow tweeted about the data transaction.

[{"selector":"#anim-f2a332ac-6538-44dc-9e6d-44e4b59e1a79","keyframes":{"opacity":[0,1]},"delay":100,"duration":1700,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-bc40bced-9890-471e-bf0f-cf5e8339ff55","keyframes":{"opacity":[0,1]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-7eb0152a-a844-4353-9f5f-e81e5d0ea860","keyframes":{"transform":["translate3d(0px, 273.64060%, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

“This may be one of the biggest healthcare breaches of the year and all time. "That said, despite affecting millions of people.

[{"selector":"#anim-bd09463a-6c7a-4396-a15d-19cb91b1ae1e","keyframes":{"opacity":[0,1]},"delay":100,"duration":1700,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-9bc2b90b-bc21-4538-ab0c-bb85b68756d3","keyframes":{"opacity":[0,1]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-524a4061-7636-4829-9e3e-380b09ce29a3","keyframes":{"transform":["translate3d(0px, 161.77496%, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

It may not be as harmful as other breaches as, based on HCA's statement, it doesn't seem to have impacted diagnoses or other medical information," Callow said.

[{"selector":"#anim-8645f70a-f9b6-4222-9ac5-7815975876c9","keyframes":{"opacity":[0,1]},"delay":100,"duration":1700,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ce81a961-7201-4be4-9144-83e0f00bb4ea","keyframes":{"opacity":[0,1]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-26171090-7e3e-4e0e-b9b6-0e2a5b12662f","keyframes":{"transform":["translate3d(0px, 149.33796%, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

“The hacker has claimed to have ‘emails with health diagnosis that correspond to a clientID,’” Callow said.

[{"selector":"#anim-2eb24191-4630-490a-a1cd-d846ed77a9ee","keyframes":{"opacity":[0,1]},"delay":100,"duration":1700,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ab5cb8e0-a93f-42f5-9255-f3fd276de360","keyframes":{"opacity":[0,1]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-96a29e33-d398-4799-8ce3-0c8e8e4baf1c","keyframes":{"transform":["translate3d(0px, 189.15137%, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

[{"selector":"#anim-26d22f36-9376-438d-8594-4f925bfd617c","keyframes":{"opacity":[0,1]},"delay":100,"duration":1700,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-b6a6015f-427d-4816-8c42-32957fc63f33","keyframes":{"opacity":[0,1]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-e2e51022-d659-40e7-ad09-b7022fdb6224","keyframes":{"transform":["translate3d(0px, 157.42820%, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":1400,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] Patient data breaches are prevalent but vary in severity. HCA stated the hacked data came from an “external storage location exclusively used to automate the formatting of email messages” and did not include essential medical records.