HCA faces at least five class action lawsuits from historic data breach

Since HCA’s announcement in early July that 11 million patients across its network had personal data compromised during its massive data breach, the health system is facing at least five class-action lawsuits from patients in Tennessee, California, Florida and Texas. One plaintiff describes the breach as “unacceptable”, and is taking action to hold HCA accountable for their inability to safeguard personal information.


NPR pointed out that the HCA data breach may have put millions of people at risk of a host of fraudulent schemes that come with stolen medical data, including “medical identity” fraud. HCA continues to downplay the breach, insisting that the compromised data does not include clinical or payment data or driver’s licenses or social security numbers. 


Yet, NPR points out that information around dates and locations of service along with personal information like name, address, date of birth, and phone numbers (all of which were among compromised HCA patient data) can lead to fraudulent billing or identity theft. See a list of HCA hospitals affected by the breach.