An unauthorized party stole patient data from Nashville, Tenn.-based HCA Healthcare and posted it to an online forum.
The healthcare giant says that the data was taken from an external storage location used to automate email formatting, according to a July 10 HCA Healthcare news release provided to Becker's.
HCA could not confirm the exact number of individuals whose data was affected. The health system believes the theft affected 27 million rows of data that may include information of about 11 million HCA patients.
The stolen data includes:
- Patient name, city, state and ZIP code
- Patient email, telephone number, date of birth and gender
- Patient service date, location and next appointment date.
The data incident has not caused any disruption of services at HCA, and the health system is collaborating with law enforcement and third-party services in the investigation.
HCA did not disclose when the data was posted to the forum.