HCA Healthcare Failed to Protect Personal Data of 11M Patients, Class Action Says

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit claims negligence on the part of HCA Healthcare, Inc. is to blame for a July 2023 data breach that compromised the personal information of 11 million patients.

Did you receive a data breach email or letter from HCA Healthcare? Let us know here.

The 39-page lawsuit says that on July 5, an unauthorized third party accessed and stole a list of private data from an “external storage location” that HCA Healthcare used “to automate the formatting of email messages.”

The list of personal information, which was reportedly posted for sale online, pertained to current and former patients of hospitals or physician centers owned by the company and included individuals’ names, dates of birth, email addresses, phone numbers and gender, the suit relays. According to the case, the data breach also compromised patients’ cities, states, zip codes and appointment information such as service dates, locations and next appointment dates.

A list of the affected healthcare facilities can be found on HCA’s website.

The complaint argues that the Nashville, Tennessee-based company, which operates hospitals and a variety of medical sites in 20 states and the United Kingdom, failed to implement reasonable data security measures to adequately protect the private information maintained in its computer systems.

Given the frequency of cyberattacks in the medical sector, HCA Healthcare should have understood that the personal data entrusted to it would be at risk of disclosure, the filing charges, adding that the company “could have prevented this data breach by properly securing and encrypting the files and file servers containing the private information.”

“[HCA Healthcare] was, or should have been, fully aware of the unique type and the significant volume of data on [its] server(s), amounting to millions of individuals’ detailed private information, and, thus, the significant number of individuals who would be harmed by the exposure of the unencrypted data,” the lawsuit contends.

Like other victims, the plaintiffs—patients of HCA Florida Woodmont Hospital and HCA North Florida Hospital—now face a lifelong threat of medical fraud and identity theft as a result of the company’s negligence, the suit claims.

“The ramifications of [HCA Healthcare’s] failure to keep secure the private information of [the plaintiffs] and Class members are long lasting and severe,” the case describes. “Once private information is stolen, fraudulent use of that information and damage to victims may continue for years.”

The lawsuit looks to represent anyone in the United States whose personal information was accessed or acquired by an unauthorized party as a result of the data breach that HCA Healthcare reportedly experienced on July 5, 2023.

Did you receive a data breach email or letter from HCA Healthcare? Let us know here.