The largest data breach that a healthcare provider has likely ever reported affected about 11 million patients, according to HCA Healthcare’s disclosure on Monday.
The for-profit hospital colossus reported that hackers stole data from an external storage location used to automate emails and then posted the information on an online forum.
The compromised information includes patients’ names, email addresses, and service locations, but the company does not believe it includes clinical or payment information.
HCA, headquartered in Nashville, Tennessee, operates more than 180 hospitals. There are approximately 1,400 hospitals and physician offices across 20 states on the list of affected sites.
HCA did not disclose the date of the data breach or the time period it covered. HCA declined to comment in response to a request.
Unlock this article by subscribing to STAT+ for free for the first thirty days.
