Topics
Reimbursement
Home health agencies get half a percent pay increase
Home health agencies get half a percent pay increase
Revenue Cycle Management
Mary Washington Healthcare latest to outsource revenue cycle 
Mary Washington Healthcare latest to outsource revenue cycle 
Strategic Planning
Two CFOs see promise of AI, but have yet to build a dedicated budget
Two CFOs see promise of AI, but have yet to build a dedicated budget
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Labor expenses continue to challenge hospitals
Labor expenses continue to challenge hospitals
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
US healthcare system ranks last in equity, access
US healthcare system ranks last in equity, access
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Denials top reason for eroding provider-payer relationship
Denials top reason for eroding provider-payer relationship
Workforce
Elevance laying off 123 California employees
Elevance laying off 123 California employees
Operations
UAB, Press Ganey launch certificate program for healthcare leaders
UAB, Press Ganey launch certificate program for healthcare leaders
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
Cleveland Clinic partnering with Cavaliers on new training center
Cleveland Clinic partnering with Cavs on new sports complex
Compliance & Legal
Johnson and Johnson sues HRSA for blocking 340B plan
J&J sues HRSA for blocking 340B plan
Policy and Legislation
Trump picks RFK Jr. to lead HHS
Trump picks RFK Jr. to lead HHS
Community Benefit
AMA pushes for stricter standards for hospital charity care policies
AMA pushes for stricter standards for hospital charity care policies
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
MD Anderson launches new cancer research center
MD Anderson launches new cancer research center
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Elevance Health 'considering options' following star ratings hit
Elevance Health 'considering options' following star ratings hit
Patient Engagement
Patients see narrow networks in ACA marketplace plans, KFF finds
KFF: Patients see narrow networks in ACA marketplace plans
Pharmacy
CerpassRx, Waltz team on AI platform to manage specialty drug spend
CerpassRx, Waltz team on AI to manage specialty drug spend
Population Health
Reproductive care, including abortion, facing challenges
Reproductive care, including abortion, facing challenges
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Teladoc posts $640.5 million in revenue, stresses virtual care improvement
Teladoc posts $640.5 million in revenue
Mergers & Acquisitions
Cardinal Health set to acquire two companies for combined $3.9B
Cardinal Health set to acquire two companies for combined $3.9B
View more
Aug 14, 2023 More on Analytics

HCA sends notice to patients informing them of data breach

The information was obtained by an unauthorized party in late June in what appears to be a theft from an external storage location.

Jeff Lagasse, Editor

Photo: Joos Mind/Getty Images

Nashville-based HCA Healthcare has sent letters to certain patients affected by a data security incident that took place on or around July 5, and continues to mail out notification letters on a "rolling basis," according to states of residence.

A filing with the U.S. Department of Health and Human Services claims HCA discovered that a list of certain information pertaining to its patients was made available on an online platform by an unauthorized party.

The information was obtained by the unauthorized party in late June in what appears to be a theft from an external storage location exclusively used to automate the formatting of email messages, such as reminders that patients may wish to schedule an appointment and education on healthcare programs and services.

HCA said the incident did not cause disruptions to care or services.

WHAT'S THE IMPACT?

The exposed files contained the patient name, city, state, zip code, email, telephone number, date of birth, gender, service date, location and, in some instances, the date of their next appointment. 

The exposed information did not include clinical information, such as treatment, diagnosis or condition; payment information, such as credit card or account numbers; or other sensitive information, such as passwords, government-issued ID numbers or social security numbers.

HCA said it disabled user access to the storage location as an immediate containment measure. It reported the event to law enforcement, retained third-party forensic and threat-intelligence advisors to investigate the incident, and also secured complimentary credit and identity protection services for affected individuals.

The company said patients are encouraged to be vigilant against identity theft and fraud by reviewing account statements, monitoring any available credit reports for unauthorized or suspicious activity, and taking care in response to any email, telephone or other contacts that ask for personal or sensitive information.

In addition to encouraging patients to remain vigilant in identifying calls, emails or SMS texts which appear to be spam or fraudulent, HCA is providing complimentary credit monitoring and identity protection services to affected individuals for two years via IDX. Information regarding these services and enrollment instructions are included in the notification letters.

THE LARGER TREND

A few weeks ago HCA CEO Sam Hazen said the breach has resulted in legal reprisals from patients.

"Not unexpectedly, we have been named as a defendant in multiple class action lawsuits," he said.

He added, "This incident has not caused any disruption to our day-to-day operations nor do we believe it will materially impact our business or financial results. HCA Healthcare believes the privacy of its patients is a vital part of its mission and remains committed to maintaining the security of their personal information."

Data published by the Ponemon Institute in July showed that, while data breaches affect all industries, healthcare suffers the largest financial hit.

This year, the average cost of a data breach reached an all-time high of $4.4 million. That's a 2.3% increase from 2022, and, taking the long-term view, the average cost has increased 15.3% from the 2020 report.

Since 2020, healthcare data breach costs specifically have increased 53.3%, representing a considerable rise in recent years. This is the 13th consecutive year the health industry reported it had the most expensive data breaches, averaging $10.9 million in cost.

A 2022 report from law firm BakerHostetler showed consumers are increasingly suing organizations over data breaches. Healthcare comprises 23% of lawsuits due to data breaches. The next highest is business and professional services, at 17%, followed by finance and insurance (15%), education (12%) and manufacturing (10%).

Of all industries, healthcare also logged the highest initial ransom demand from hackers and bad actors, at more than $8.3 million. The average ransom that was actually paid was far lower, at about $876,000, but that was still the highest average amount paid across all industries.
 

Twitter: @JELagasse
Email the writer: Jeff.Lagasse@himssmedia.com

News
Healthcare organizations ask HHS to delay quality measure reporting for ACOs Healthcare organizations ask HHS to delay quality measure reporting for ACOs The American Hospital Association and American Medical Association are among the 11 organizations signing the letter.