Published on

HCA Healthcare Data Breach and Class Action Suit

  • avatar
    Steve Manning

FloridaBlue Partner - HCA Healthcare 11 million users data sold on dark web - 20 States including Florida.

HCA Healthcare Reports Data Security Incident NASHVILLE, Tenn., July 10, 2023 – HCA Healthcare, Inc. (NYSE:HCA) recently discovered that a list of certain information with respect to some of its patients was made available by an unknown and unauthorized party on an online forum. The list includes:

Patient name, city, state, and zip code; Patient email, telephone number, date of birth, gender; and Patient service date, location and next appointment date. HCA Healthcare has confirmed that the list contains information used for email messages, such as reminders that patients may wish to schedule an appointment and education on healthcare programs and services.

HCA Incident Report - Check Florida Facilities

Class Action Suit - HIPAA Vialations


Just one week after HCA Healthcare reported a data theft that affected more than 170 of its hospitals and could impact more than 11 million of its patients, the sprawling Nashville-based health system is facing a class action lawsuit for the breach.

WHY IT MATTERS According the lawsuit, filed in U.S District Court in Middle District of Tennessee, plaintiffs Gary Silvers and Richard Marous, two HCA patients living in Florida, "seek monetary damages and injunctive and declaratory relief" arising from HCA's failure to safeguard the personally identifiable information and protected health information of the patients of "hospitals and physician groups it owned or operated, which resulted in unauthorized access to its information systems on or around June 2023."

The plaintiffs allege that HCA "did not use reasonable security procedures and practices appropriate to the nature of the sensitive information it was maintaining" for its patients and customers, such as encrypting the data or deleting it when it's no longer needed.