Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense

HCA Healthcare data breach impacts 11 million patients

The organization is facing at least five class action lawsuits related to the data breach

Add bookmark
Olivia Powell
Olivia Powell
07/19/2023
A doctor in lab safety gear sitting in front of a computer

US-based healthcare company, HCA Healthcare, has suffered a data breach impacting 11 million patients.

The cyber attack was discovered on July 10, after the personal data of patients was posted online. In a statement regarding the breach, HCA Healthcare says the data appears to have been stolen from “an external storage location exclusively used to automate the formatting of email messages”.

As the data stolen during the cyber attack is used for email messages, for example reminders to patients to book appointments, the dataset includes personally identifying information. This information includes:

  • Patient names, cities, states and zip codes.
  • The telephone numbers, email addresses, gender and dates of birth of patients.
  • The service dates, locations and the dates of upcoming appointments.
  • After the unauthorized access and data theft was discovered, HCA Healthcare disabled access to the third-party storage location. The company also contacted all those impacted by the data breach.

The data stolen and posted online did not include any clinical information, payment information or sensitive information, e.g. social security numbers. HCA Healthcare assured its patients that the cyber attack had not impacted the company’s processes and does not believe it will “materially impact its business, operations or financial results”.

HCA Healthcare said that it had launched an investigation into the data breach and had reported it to the relevant authorities.

While the investigation in the data breach is ongoing, HCA Healthcare reported that during initial investigations the company had “not identified evidence of any malicious activity on HCA Healthcare networks or systems related to this incident”.

Following the cyber attack and subsequent data breach, HCA Healthcare patients have filed no less than five class action lawsuits related to the cyber security incident. The lawsuits have been filed in Nashville, where HCA Healthcare is based, Florida, California and Texas.

The class action lawsuits allege that HCA Healthcare was negligent and failed to properly protect patients’ data.

In one of the cases, plaintiffs Gary Silvers and Richard Marous say that due to the data breach they now face “a lifetime risk of identity theft due to the nature of the information lost, and a diminishment in the value of their private data”. They allege that HCA Healthcare should have known the value the data had to cyber criminals and implemented better security measures.

Plaintiffs also allege that the data security guidelines followed by HCA Healthcare failed to comply with those set by the Federal Trade Commission or in the Health Insurance Portability and Accountability Act. 

Tags: cyber attack cyber security cyber security news

Upcoming Events

16th Automotive Cybersecurity Summit 2026

March 18 - 19, 2026

Sheraton Ann Arbor Hotel, Ann Arbor, Michigan

Register Now View Agenda View Event
16th Automotive Cybersecurity Summit 2026

Digital Identity Week

1st - 2nd September 2026

Sydney, Australia

Register Now View Agenda View Event
Digital Identity Week

Latest Webinars

From Dependencies to Defences: Navigating Software Supply Chain Security

2025-09-24

11:00 AM - 12:00 PM SGT

Learn how to defend your software supply chain from dependency threats and build resilient security...

From Dependencies to Defences: Navigating Software Supply Chain Security

Unpacking global regulatory frameworks to enhance third-party operational resilience

2024-11-14

11:00 AM - 12:00 PM EST

Join this webinar to explore the resilience-focused requirements of DORA, NIS2 and other global regu...

Unpacking global regulatory frameworks to enhance third-party operational resilience

Preventing financial and reputational risk with process intelligence

2024-05-23

11:00 AM - 12:00 PM EDT

Learn how to manage risk stemming from poorly controlled processes in a collaborative way

Preventing financial and reputational risk with process intelligence

Recommended

info@cshub.com/r/n

We hope you enjoy All Access from CS Hub!!<\/p>\r\n<p>Best Regards,<\/p>\r\n<p><a href=https://www.cshub.com/"https:////www.cshub.com///" target=\"_blank\">CS Hub Team<\/a><\/p>\r\n<p>P.S. Be sure to check out our other upcoming <a href=https://www.cshub.com/"https:////www.cshub.com//events?filter_format=ONLINE\%22 target=\"_blank\">All Access events here<\/a>.<\/p>\r\n<p>--------------------------------<\/p>\r\nConnect with us on Social Media: <a href=https://www.cshub.com/"https:////www.linkedin.com//groups//12067996///" target=\"_blank\">LinkedIn<\/a> | <a href=https://www.cshub.com/"https:////twitter.com//CSHubUSA/" target=\"_blank\">Twitter<\/a><\/p>\r\n<p>--------------------------------<\/p>\r\n<p>FAQS<\/p>\r\n<p><b>Can I invite my colleagues?<\/b><br>Yes of course! Please send them this link so they can register for free! [WebUrl]<\/p>\r\n\r\n<p><b>How do I access the sessions?<\/b><br>\r\nAll Access is run on Zoom Events. You should receive an email shortly from Zoom Events with your unique All Access link to the event lobby. Please hold on to that email ahead of the event. We\u2019ll also send you a reminder 24 hours before we go live!<\/p>\r\n\r\n<p><b>Will the agenda be updated?<\/b><br>\r\nYes, the agenda will be continuously updated on the website with the latest sessions & speakers. As we get closer to the event, also look out for our weekly updates which will also include the latest updates information and link to access the event.<\/p>\r\n<p><b>Can I access the sessions On Demand?<\/b><br>\r\nEvery session will be available after the event via the event lobby. We\u2019ll also send you a reminder about the On Demand sessions which will be sent to you after the event is over.<\/p>\r\n<p>--------------------------------<\/p>\r\n<p>RELATED RESOURCES TO READ BEFORE YOUR EVENT<\/p>\r\n<ul>\r\n <li><a href=https://www.cshub.com/"https:////www.cshub.com//executive-decisions//reports//cs-hub-mid-year-market-report-2022?utm_source=eco-event-confirmation-email&utm_medium=email&utm_campaign=eco-event-confirmation-email\%22 target=\"_blank\">CS Hub Mid-Year Market Report 2022<\/a><\/li>\r\n <li><a href=https://www.cshub.com/"https:////www.cshub.com//security-strategy//reports//ciso-strategies-for-proactive-threat-prevention?utm_source=eco-event-confirmation-email&utm_medium=email&utm_campaign=eco-event-confirmation-email\%22 target=\"_blank\">CISO strategies for proactive threat prevention<\/a><\/li>\r\n <li><a href=https://www.cshub.com/"https:////www.cshub.com//security-strategy//reports//how-to-strengthen-email-security-and-protection-against-advanced-ransomware-attacks?utm_source=eco-event-confirmation-email&utm_medium=email&utm_campaign=eco-event-confirmation-email\%22 target=\"_blank\">How to strengthen email security and protection against advanced ransomware attacks<\/a><\/li>\r\n<\/ul>","event_registration_srs_confirmation_email":null,"assets_from_cdn":true},"bant_disabled":1,"sponsorship_disclaimer":null,"sponsorship_disclaimer_text":null,"sponsorship_disclaimer_checkbox_disabled":0,"ext_treat_id":null,"recording_url":null,"file_attachment":null,"ingo_enabled":0,"ingo_activator_id":null,"ingo_autofiller_id":null,"ingo_amplifier_id":null,"ingo_authorizer_id":null,"restricted_content":0,"featured_events_embedded":[],"featured_content_embedded":[{"id":"647775a1bb20ab243e521530","name":"CommonSpirit Health reports that ransomware attack cost $160 million","description":"The personal data of more than 623,700 patients was exposed during the attack","file":null,"url":"\/attacks\/news\/commonspirit-health-reports-that-ransomware-attack-cost-160-million"},{"id":"64a6b8e07db42d07d57d22fb","name":"The 9 most common types of malware (and some of the worst malware attacks in history)","description":"We take a look at the most common forms of malware and how these cyber security attacks have wreaked havoc on IT systems worldwide.","file":null,"url":"\/malware\/articles\/the-9-most-common-types-of-malware-and-the-worst-malware-attacks-in-history"},{"id":"636d1f8354f7cd64997719d4","name":"IOTW: Everything we know about the Medibank data leak","description":"The malicious actor has released information regarding treatment for addiction, HIV and abortion","file":null,"url":"\/attacks\/news\/iotw-everything-we-know-about-the-medibank-data-leak"},{"id":"64007a352778e53d8a0aedde","name":"Why healthcare providers are focusing on cyber resilience","description":"Jojo Nufable, group IT infrastructure and cyber security head at Metro Pacific Health Solutions, on why health providers are choosing a cyber resilient security strategy to protect patients\u2019 private information","file":null,"url":"\/threat-defense\/interviews\/why-healthcare-providers-are-focusing-on-cyber-resilience"},{"id":"6486f220b1aecd15ea766c7e","name":"Health Service Ireland latest victim of MOVEit cyber attack","description":"HSE has grown the rapidly growing list of victims in the supply chain attack against MOVEit","file":null,"url":"\/attacks\/news\/health-service-ireland-latest-victim-of-moveit-cyber-attack"}],"featured_content_portal_embedded":null}" >

FIND CONTENT BY TYPE

News Case Studies Interviews White Papers Videos

Cyber Security Hub COMMUNITY

About Us Power10 Contact Us Advertise with us Cookie Policy User Agreement Become a Contributor All Access from CS Hub Become a Member Today Media Partners

ADVERTISE WITH US

Advertise Now

JOIN THE Cyber Security Hub COMMUNITY

Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.

Cyber Security Hub, a division of IQPC

© 2026 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings.

Careers With IQPC | Contact Us | About Us | Cookie Policy