Banner Health hack impacts 3.7 million individuals

cybersecurity2

A cyberattack on Banner Health that initially impacted systems that process payment card data at food and beverage outlets ultimately led to patient and health plan member information being compromised, the health system announced Wednesday.

Phoenix-based Banner, which operates facilities in Alaska, Arizona, California, Colorado, Nebraska, Nevada and Wyoming, sent letters to 3.7 million patients, health plan members and beneficiaries, dining customers, physicians and other healthcare providers who may have been affected. The attack, which began June 23, lasted for two weeks.

While the cyberattack was first discovered July 7, Banner officials didn’t realize until July 13 that servers containing information on patients, health plan and beneficiary members and providers had also been breached.

In all, 27 locations were impacted according to Banner, 20 of which are located in Arizona; facilities in Alaska, Colorado and Wyoming also were affected. Information on the servers includes birth dates, Social Security numbers, addresses, dates of service and claims, and health insurance information for both current and former health plan members and patients. For dining customers, cardholder names, card numbers, expiration dates and internal verification codes were targeted.

In a statement, Banner President and CEO Peter Fine said the organization is “committed to maintaining” privacy and security for all parties involved. The health system is working with risk consulting firm Kroll and providing those impacted with one year of free monitoring services. It also provided a courtesy notification to the DEA and providers’ licensing boards, and created a call center for anyone with questions about the event.

The incident is the latest in a long line of cyberattacks that continue to plague the healthcare industry. For instance, reports surfaced this week that a Ukrainian hacker stole more than 100,000 internal documents from Central Ohio Urology Group. Columbia, Maryland-based MedStar Health and Los Angeles-based Hollywood Presbyterian Medical Center also are among have previously been attacked.

To learn more:
- read the announcement
- here’s the list of impacted locations
- check out Banner’s website