Security Affairs
Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

HCA Healthcare data breach impacted 11 million patients

HCA Healthcare disclosed a data breach that exposed the personal information of roughly 11 million patients. HCA Healthcare this week announced that the personal information of roughly 11 million patients was compromised in a data breach. The organization discovered the security breach on July 5 when a threat actor claimed the hack on an underground […]

Signature Healthcare

HCA Healthcare disclosed a data breach that exposed the personal information of roughly 11 million patients.

HCA Healthcare this week announced that the personal information of roughly 11 million patients was compromised in a data breach.

The organization discovered the security breach on July 5 when a threat actor claimed the hack on an underground forum.

As proof of the hack, the threat actors posted stolen info for some of the patients, including:

  • Patient name, city, state, and zip code;
  • Patient email, telephone number, date of birth, gender; and
  • Patient service date, location and next appointment date.

The info was exfiltrated from an external storage location that was exclusively used to automate the formatting of email messages.

The incident did not expose

  • Clinical information, such as treatment, diagnosis, or condition;
  • Payment information, such as credit card or account numbers;
  • Sensitive information, such as passwords, driver’s license or social security number.

HCA Healthcare launched an investigation into the security breach with the help of third-party forensic and threat intelligence advisors. The company also notified law enforcement and the investigation is still ongoing. At the time of this publishing, the company has yet to identify evidence of malicious activity on its networks or systems related to this incident.

“We do NOT believe that clinical information (such as treatment, diagnosis, or condition), payment information (such as credit card or account numbers), or other sensitive information (such as passwords, driver’s license or social security number) is involved.” states the company. “The investigation is ongoing and we cannot confirm the number of individuals whose information was impacted. HCA Healthcare believes that the list contains approximately 27 million rows of data that may include information for approximately 11 million HCA Healthcare patients.”

In response to the incident, HCA Healthcare disabled user access to the storage location.

“There has been no disruption to the care and services HCA Healthcare provides to patients and communities. This incident has not caused any disruption to the day-to-day operations of HCA Healthcare. Based on the information known at this time, the company does not believe the incident will materially impact its business, operations or financial results.” concludes the company.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)