WEST PALM BEACH, Fla. — If were a patient at one of the JFK hospitals in West Palm Beach or Atlantis, Palms West in Loxahatchee, HCA Longwood in Fort Pierce or St. Lucie Hospital, you may be one of 11 million victims of a criminal hack nationwide.
HCA is the latest healthcare corporation to be hit by identity thieves.
Also affected were HCA doctors' offices.
Cybersecurity expert Alan Crowetz, the CEO of Infostream, said cyber-crooks have the identities of known hospital patients, these patients are vulnerable to phone or email scams.
"There's a lot more people who will fall for that," Crowetz said. "Because I went to the hospital, they're saying my doctor sent me this information. It's much more believable."
According to HCA, cyber thieves stole patient's name, addresses, emails, phone numbers, birth dates, and when and where they last saw a provider.
HCA said the hackers did not get credit card or Social Security numbers, passwords, driver's licenses and clinical information like patient conditions and treatment.
The website DataBreaches.net claimed hackers showed an example of a patient's lung cancer diagnosis, which counters HCA's claim.
Crowetz said no matter what, healthcare systems are prime targets of hackers because patient records offer so much data to crooks.
“Where the real money is, with this breach or any breach in data, is money," Crowetz said.
It appears patients whose information was stolen have not been told.
Bill Dillon, a Tallahassee lawyer who specializes in healthcare regulations, explained why HCA has yet to notify them.
"That's a huge undertaking with this much data," Dillon said. "It's not something they can find out in a week."
Dillon said if HCA is correct and that financial and medical information was not breached, those who had their identity stolen may not have a lot to worry about.