HCA Healthcare Data Breach Lawsuit: Was Your Info Hacked?
Last Updated on July 2, 2024
Investigation Complete
Attorneys working with ClassAction.org have finished their investigation into this matter.
Check back for any potential updates. The information on this page is for reference only.
Free Consumer Tools:
- Open and Current Class Action Lawsuit Settlements and Rebates
- Open and Current Class Action Lawsuit List, Investigations
- Class Action Lawsuit and Settlement News
- Free Class Action Lawsuit Database
At A Glance
- This Alert Affects:
- Anyone who believes their information may have been compromised in a data breach involving HCA Healthcare, including those who received emailed notices of the incident.
- What’s Going On?
- It has been reported that potentially millions of HCA Healthcare patients have had their personal data stolen and put up for sale online. Attorneys are now investigating a class action lawsuit against the healthcare services provider and need to hear from affected patients to move forward.
- Who Is HCA Healthcare?
- HCA Healthcare owns and/or operates 180 hospitals and 2,300 medical sites (surgery centers, urgent care facilities, physician offices, etc.) across 20 states and the United Kingdom.
- Was I Affected by the Breach?
- If you were treated by one of the company’s hospitals or medical centers, your data may have been breached. You can view a list of the company’s facilities by clicking this link and scrolling down until you see the box titled “Affected Facilities.” As of July 10, HCA is working on sending letters to affected patients, though some patients may receive email notices in the meantime.
- How Can a Lawsuit Help?
- A lawsuit could help patients recover money for out-of-pocket expenses, as well as lost time dealing with the data breach. It could also force HCA Healthcare to take stronger measures to protect patient data.
Attorneys working with ClassAction.org would like to speak to anyone who believes they were affected by the massive data breach announced by HCA Healthcare on July 10, 2023.
It has been reported that potentially millions of HCA Healthcare patients have had their personal information, including names, dates of birth and zip codes, stolen and put up for sale online. Now, attorneys are looking to file a class action lawsuit alleging the healthcare services provider failed to take the appropriate steps to keep patient data safe.
HCA is expected to first send email notices to affected patients, followed by a notification letter via regular mail. While patients may not recognize the HCA Healthcare name, the company says that if you were treated at one of their facilities, your personal data may have been breached.
You can view a list of affected HCA facilities, which includes hospitals, cardiology offices, surgery centers and more, by clicking this link and scrolling down the page until you see the “Affected Facilities” box. Just a few of the larger facilities believed to have been affected include:
- Methodist Hospital (TX)
- Mission Hospital – Asheville (NC)
- Medical City Dallas (TX)
- TriStar Centennial Medical Center (TN)
- Johnston-Willis Hospital (VA)
- St. David’s Medical Center (TX)
- Good Samaritan Hospital (CA)
- Swedish Medical Center (CO)
- Wesley Medical Center (KS)
- Sunrise Hospital & Medical Center (NV)
HCA Data Hack: What Happened?
HCA announced that a list containing approximately 27 million rows of data including the personal information of potentially 11 million patients was “made available by an unknown and unauthorized party on an online forum.” The list of HCA patient data leaked in the scandal includes names; birthdates; telephone numbers and email addresses; certain address data, including zip codes; gender; and service dates, locations and next appointment dates.
Claims have surfaced, however, that the 11 million number reported by the company, which treats more than 35 million individuals every year, may be too low. Indeed, DataBreaches.net reports the following (emphasis ours):
…while the hacker didn’t offer proof of the total number of patients whose data was acquired, the seller uploaded a second sample of data yesterday — 1 million records seemingly from the San Antonio Division, where each record was one patient…If there are 1 million patients’ records for just one division…is it possible that the hacker really did acquire more than 11 million patients’ information — especially when the original listing indicated that more data would be included in the sale than the 27+ million rows?”
The data was reportedly stolen from “an external storage location exclusively used to automate the formatting of email messages,” HCA writes, and went up for sale on a deep web forum after hackers gave the healthcare services provider a July 10 deadline to meet certain “unspecified demands.”
Nearly 1,000 medical facilities have been affected by the HCA data breach and are located in the following states: Alaska, California, Colorado, Florida, Georgia, Idaho, Indiana, Kansas, Kentucky, Louisiana, Missouri, Mississippi, Nevada, New Hampshire, North Carolina, South Carolina, Tennessee, Texas, Utah and Virginia.
The full list of affected hospitals and other medical establishments can be seen about a quarter of the way down this page.
How Could an HCA Lawsuit Help?
If filed and successful, a class action lawsuit against HCA over the data breach could provide:
- Reimbursement for lost time spent responding to the breach
- Reimbursement for out-of-pocket losses resulting from the breach
- Compensation for loss of privacy
It could also force HCA to implement stronger data security measures to ensure patients’ information is protected from unauthorized access.
Before commenting, please review our comment policy.