OKEECHOBEE- HCA Healthcare announced on July 10 that they had discovered that 11 million patients may have had their data leaked online. HCA Healthcare own multiple hospitals in Florida, including Raulerson in Okeechobee and Lawnwood in Fort Pierce.

In a press release, HCA said a list of patient data was made available by an unknown and unauthorized party on an online forum.  That list included: patient name, city, state, and zip code; patient email, telephone number, date of birth, gender; and patient service date, location and next appointment date.

HCA says the information didn’t include clinical information, such as treatment, diagnosis, or condition; payment information, such as credit card or account numbers; or sensitive information, such as passwords, driver’s license or social security numbers.

“This appears to be a theft from an external storage location exclusively used to automate the formatting of email messages,” said HCA in a statement on their website. “There has been no disruption to the care and services HCA Healthcare provides to patients and communities. This incident has not caused any disruption to the day-to-day operations of HCA Healthcare.”

The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations, and will offer credit monitoring and identity protection services, where appropriate.

HCA Healthcare provides healthcare services with 180 hospitals and 2,300+ sites across 20 states and the United Kingdom.

On July 5 DataBreaches.net first reported that a user on a hacker forum was listing patient data from HCA Healthcare for sale. The user’s ended their post by saying that “HCA Healthcare have until the 10th to meet the demands”.

HCA Healthcare reported the event to law enforcement and has retained third-party forensic and threat intelligence advisors.