Share this article on:
A cyber attack on a US healthcare provider has seen hackers steal the data of 11 million patients.
HCA Healthcare, one of the largest healthcare facility operators in the US, confirmed the attack in a press release earlier this week, after hackers behind the attack released samples of the stolen data on a hacking forum.
“HCA Healthcare Inc. (NYSE:HCA) recently discovered that a list of certain information with respect to some of its patients was made available by an unknown and unauthorised party on an online forum,” the release said.
The hacker behind the attack originally used the stolen data to extort HCA Healthcare, saying the organisation had until 10 July to “meet the demands”, likely referring to ransom payments.
However, on 5 July, the hacker began selling data on a hacking forum which is often used as a marketplace for stolen data. The samples of the stolen data were also released there. The entire database contains 17 files and 27.7 million database records, according to the hacker.
According to HCA Healthcare, the stolen data is that of 11 million patients who received treatment at one of its hospitals.
“HCA Healthcare believes that the list contains approximately 27 million rows of data that may include information for approximately 11 million HCA Healthcare patients.”
The stolen data includes:
The organisation confirmed that despite this, important data such as financial and payment information, sensitive personal data such as passwords, and clinical information all remained secure.
“This appears to be a theft from an external storage location exclusively used to automate the formatting of email messages. There has been no disruption to the care and services HCA Healthcare provides to patients and communities,” the release said.
“This incident has not caused any disruption to the day-to-day operations of HCA Healthcare. Based on the information known at this time, the company does not believe the incident will materially impact its business, operations or financial results.”
An investigation into the breach has been launched and relevant law enforcement and authorities have been informed. In addition, HCA Healthcare has engaged third-party digital forensics teams.
Access to the location of the breach has also been locked down to ensure the breach is contained.
Healthcare and medical institutions are some of the most hit by threat actors, as the urgent and important nature of their work raises the stakes of paying a ransom demand. Despite this, a movement encouraging companies to withhold ransom from hackers has erupted following the recent wave of major cyber attacks, as paying a hacker only incentivises further attacks, and there is no proof that a hacker will meet their end of the bargain, and decrypt or delete stolen data.