The Target: U.S. healthcare giant HCA Healthcare, an American for-profit operator of healthcare facilities that was founded in 1968.
The Take: Patient names; address data, such as city, state and ZIP code; patient email addresses; phone numbers; dates of birth; gender; and patient service dates, such as locations, and details about next appointments.
The Vector: DataBreaches.net first reported the seller’s forum post on July 5, in which the seller claimed to have 27 million rows of information. Some of the column headers in the stolen file include data that HCA says was stolen, such as names, gender and dates of birth.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. In particular, the information exposed here is perfect for crafting highly believable phishing campaigns as it would allow push notifications.