Call:  (407) 331-6620 or (850) 439-1001
Toll-free:  (888) 331-6620 

Search
Pay Online
Contact Us
Subscribe To Our Monthly Newsletter
e-book thumbnail

Seven Things To Know When You Receive A Notice Of Investigation From The Department Of Health

Download Free Copy

HCA Healthcare Data Breach May Affect 11 Million Patients

Author HeadshotBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On July 11, 2023, HCA Healthcare, which operates 180 hospitals in the U.S. and Britain, said a hacker may have stolen the personal data of about 11 million patients in a data breach. A press release warned patients that critical personal information had been compromised, including their full name, city, and when and where they last saw a healthcare provider.

What Happened to the Patient Data?

Data samples, including addresses, phone numbers, e-mails, and birth dates, were posted to DataBreaches.net (an online forum popular with cyber crooks) by a hacker trying to sell them. However, after publication, an HCA spokesperson told CNBC that the sample data set published was only a “marketing campaign” (or fake data) and was not an individual patient’s real medical assessment.

Who is Affected?

The hack affects patients in nearly two dozen states, including those from dozens of Florida and Texas facilities. The data also included information on scheduled appointments and the medical departments involved. The hacker also dumped a file online in what appeared to be a failed attempt to extort HCA. It included nearly one million records from the company’s San Antonio division.

Patient data breaches are not uncommon, but they can vary in scope and effect. HCA’s breach did not include critical medical records. The company said that the breached data originated at an external storage location exclusively used to automate the formatting of e-mail messages.

HCA Healthcare will offer credit monitoring and identity protection services for patients who have been impacted. But in the meantime, the company is encouraging everyone to look out for spam calls, texts, or e-mails, targeting them for fraud and scams.

For more information on this topic, read one of my prior blogs.

Contact Health Law Attorneys Experienced in Representing Health Care Professionals and Providers.

At the Health Law Firm, we provide legal services for all healthcare providers and professionals. This includes physicians, nurses, dentists, psychologists, psychiatrists, mental health counselors, home health agencies, hospitals, ambulatory surgical centers, social workers, assisted living facilities, and other healthcare providers. It includes resident physicians and fellows, medical students, medical school professors, and clinical staff. We represent health facilities, individuals, groups, and institutions in contracts, sales, mergers, and acquisitions. The lawyers of The Health Law Firm are experienced in complex litigation and both formal and informal administrative hearings. We also represent physicians, nurses, and mental health professionals in investigations for alleged wrongdoing, patient complaints, and Department of Health investigations.

To contact The Health Law Firm, please call our office at (407) 331-6620 or toll-free at (888) 331-6620 and visit our website at www.TheHealthLawFirm.com.

Sources:

Bajak, Frank. “HCA Healthcare says data breach may affect 11 million patients in 20 states.” Associated Press (AP). (July 11, 2023). https://apnews.com/article/data-breach-hca-healthcare-hack-identity-theft-507d8b8915dd934a5be4bd6fb853dfb1

Galarza, Monica. “HCA Healthcare data breach impacts millions of patients, dozens of Florida facilities. Here’s what to know.” CNBC. (July 11, 2023). https://www.nbcmiami.com/news/business/money-report/hca-healthcare-data-breach-impacts-millions-of-patients-dozens-of-florida-facilities-heres-what-to-know/3069139/#:~:text=HCA%20Healthcare%20released%20a%20statement,locations%20of%20the%20patients’%20appointments

Goswami, Rohan. “HCA Healthcare patient data stolen and for sale by hackers.” CNBC.
(July 10, 2023). https://www.cnbc.com/2023/07/10/hca-healthcare-patient-data-stolen-and-for-sale-by-hackers.html

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law; he is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 or Toll-Free: (888) 331-6620.

Current Open Positions with The Health Law Firm. The Health Law Firm always seeks qualified individuals interested in health law. Its main office is in the Orlando, Florida, area. If you are a current member of The Florida Bar or a qualified professional who is interested, please forward a cover letter and resume to: Kbrant@TheHealthLawFirm.com or fax them to (407) 331-3030.

The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2023 The Health Law

Picture of By George F. Indest III, J.D., M.P.A., LL.M.

By George F. Indest III, J.D., M.P.A., LL.M.

Board Certified by The Florida Bar in Health Law

All Posts

Main Office • 1101 Douglas Avenue, Suite 1000, Altamonte Springs, FL 32714   Telephone: (407) 331-6620

By Appointment • 37 N. Orange Avenue, Suite 500, Orlando, FL 32801  Telephone: (888) 331-6620

By Appointment • 201 E. Government Street, Pensacola, FL 32502  Telephone: (850) 439-1001 Telefax: (407) 331-3030

By Appointment: 201 St. Charles Avenue, Suite 2500, New Orleans, LA 70170

Medicare/Medicaid Audits, Health Care Law, Contracts, Hospital Privileges Hearings, Investigations, DEA Defense, Board of Medicine Defense, Healthcare Fraud Defense, Medical Staff Fair Hearings, Administrative Hearings, PRN, IPN, Professional Licensing, Medicare/Medicaid Fraud Defense, Nursing Law, Hospital Peer Review,  Hospital Law, Board of Dentistry, Board of Nursing Complaint Defense, Board of Pharmacy, Medicaid Fraud Control Unit (MFCU) Defense, Search Warrant and Subpoena Defense, NBME Representation, USMLE Challenges, ABIM Representation, Resident Physician Defense, VA & Military Physician Defense, Department of Health Investigation Defense, and more…

Available in the following Florida cities and counties: Daytona Beach, Fort Lauderdale, Gainesville, Jacksonville, Key West, Melbourne, Miami, Ocala, Orlando, Pensacola, Panama City, Sarasota, St. Petersburg, Tallahassee, Tampa, West Palm Beach, Alachua, Baker, Bay, Bradford, Brevard, Broward, Calhoun, Charlotte, Citrus, Clay, Collier, Columbia, Dade, De Soto, Dixie, Duval, Escambia, Flagler, Franklin, Gadsden, Gilchrist, Glades, Gulf, Hamilton, Hardee, Hendry, Hernando, Highlands, Hillsborough, Holmes, Indian River, Jackson, Jefferson, Lafayette, Lake, Lee, Leon, Levy, Liberty, Madison, Manatee, Marion, Martin, Monroe, Nassau, Okaloosa, Okeechobee, Orange, Osceloa, Palm Beach, Pasco, Pinellas, Polk, Putnam, St. Johns, St. Lucie, Santa Rosa, Sarasota, Seminole, Sumter, Suwannee, Taylor, Union, Volusia, Wakulla, Walton, and Washington

By making this website information available for those who access it does not constitute doing business in or having a presence in any state or jurisdiction, nor does it constitute an advertisement sent to or a solicitation made in any state or jurisdiction. This firm is located in and maintains a presence in only those states where the firm maintains an actual physical office. Its attorneys are only admitted to practice in those states specifically listed on their resumes.

Available in the following states: Alabama, Alaska, Arizona, Arkansas, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Washington, West Virginia, Wisconsin, and Wyoming

Disclaimer | Terms of Representation

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999. Copyright © 2025 The Health Law Firm. All rights reserved.