Current and former patients of Oak Hill Hospital and five other healthcare facilities in Hernando County are being advised to stay alert for suspicious emails, text messages, or bills now that a hacker has obtained certain patient information held at a Hospital Corporation of America (HCA) storage facility and sold it to unknown parties in the dark web.
The hacked information is limited to patient name, city, state, zip code, email telephone number, date of birth, gender and patient service dates, location, and the date of an upcoming appointment, said Debra McKell, director of media relations for HCA Healthcare in Tampa.
It is not believed to include payment information such as credit card or account numbers or sensitive information such as passwords, driver’s license or social security numbers, or clinical information such as treatment, diagnosis, or condition, she said.
Affected facilities may include Oak Hill Hospital, Oak Hill Family Health Care, Oak Hill Surgical Specialists, Oak Hill Internal Medicine, and Oak Hill Women’s Health, all in Brooksville.
According to McKell, the data hack was discovered on July 5 when an unauthorized person posted in an online forum that the data had been hacked and sold.
“It’s my understanding that the information was sold on the black web,” she said. “The Russians and organized crime groups like this kind of information because they can make money on it.”
Anyone who receives a suspicious invoice, balance notice, or payment reminder may have been affected by the data breach.
“For example, if you get a bill for a service that you never received or from a facility that you never visited, you should call us,” McKell said.
Meanwhile, they should never open links or attachments that are sent from unfamiliar or untrusted sources.
Those who believe that they have been affected by the data breach should call (844) 608-1803.
Visit Privacy Update | HCA Healthcare for more information.