JACKSONVILLE, Fla. – Millions of people may be affected by a data breach through HCA Healthcare.
There are five HCA facilities in Northeast Florida.
The company believes the data was stolen from an external storage location used to automate email messages.
The information stolen includes patients’ names, city, state and ZIP codes, contact information, date of birth, gender and any appointment information.
Social security, medical information and credit or account numbers were not impacted.
Jay Fowler, Vice President of the Scarlett Group, a local IT firm, said it’s likely that people who’ve had their information compromised will start getting phishing emails.
“There are people who are considering this potentially the largest at least healthcare data breach ever. So, it’s very big. It’s a big deal,” Fowler said.
HCA’s breach did not include critical medical records, payment information like credit card numbers or passwords but that doesn’t mean your personal information isn’t equally as valuable.
“So, you got people who are going to try to buy that information off of the dark web or wherever and then they’re going to try to use that information to get more data about you or get your credit card or get your financial information or pretend to be FedEx or pretend to be the insurance carrier or whoever, right?” Fowler said. “What they’re going to do is just try to compromise your accounts in such a way that they can either get your password, or get your financial information, and then use it against you and potentially even identity theft.”
Fowler recommends HCA patients do 5 things:
- Watch for fraudulent emails
- Freeze your accounts
- Change your passwords
- Use multifactor authentication
- Monitor HCA’s website for updates on the data breach
“Anytime you have more than two pieces of personal information, you’re at risk,” Fowler said. “Well, that’s like five. So it’s a big deal. It’s likely that that’s what they’re gonna use to try to compromise you further, somehow get your money. That’s all this is about.”
HCA Healthcare is offering credit monitoring and identity protection services, in some cases for their patients. In the meantime, stay vigilant in identifying calls, emails or SMS texts which appear to be spam or fraudulent and don’t open links or attachments sent from untrusted sources.
As many as 11 million people may be affected. HCA has created a website to keep patients updated.