HCA Healthcare, which owns and operates Mission Health System, reports that a patient list including their personal information has been made available on an online forum. Seven facilities in the region were impacted:
- Angel Medical Center
- Asheville Specialty Hospital
- Blue Ridge Regional Hospital
- Highlands-Cashiers Hospital
- McDowell Hospital
- Mission Hospital
- Transylvania Regional Hospital
The incident is a result of a “theft from an external storage location exclusively used to automate the formatting of email messages,” according to a press release from the company. The information does not include clinical, sensitive or payment information according to HCA. The information stolen includes:
- Patient name, city, state, and zip code
- Patient email, telephone number, date of birth, gender
- Patient service date, location and next appointment date.
In 2019, HCA Healthcare purchased Mission Health System which includes six regional hospitals across Western North Carolina from Macon County to McDowell County. HCA plans to expand in the region with an application for a second emergency department in Buncombe County and a new mental health facility opening in Buncombe County this summer.
HCA posted a webpage to keep patients informed about the breach. Access it here.