Banner Hacked-3.7 Million at Risk
A large-scale computer cyberattack at Banner Health compromised the records of up to 3.7 million patients, health-insurance-plan members, food and drink customers, and doctors according to the an Arizona Republic article by Ken Alltucker (1). Banner Health discovered unusual activity on its computer servers in late June and uncovered evidence of two attacks, with hackers accessing both patient records and payment-card records of food and beverage customers. The Phoenix-based health-care provider said it will mail letters to those affected notifying them about details of the cyberattack and steps they can take to protect themselves. Banner employees, many of whom are patients and covered by Banner Health insurance plans, also are believed to be victims of the attack.
The Banner Health attack is the largest among 32 known data breaches involving Arizona-based health and medical providers since 2010 according to an U.S. Department of Health and Human Service list. The breach exceeds all other breaches in Arizona combined by over 1,000,000 affected individuals. Banner also has the dubious distinction of the previous high in Arizona when records of 55,207 were compromised in 2014 (2).
Banner Health officials said they thus far have not received reports of hackers misusing the information, but the health-care provider will offer a free one-year membership in credit-monitoring services to patients, health-plan members and others affected by the cyberattack. The hackers apparently accessed Banner computer systems that process payment-card data at food and beverage outlets at some Banner Health locations. Potential victims can view a list of affected Banner locations in Arizona, Alaska, Colorado and Wyoming at http://bannersupports.com/customers/affected-locations/. On July 13, Banner Health discovered that hackers also may have accessed patient and health-insurance records, which may have included information about doctors and health-care providers. Those records may have included names, birth dates, addresses, doctors' names, dates of service, claims information, health-insurance information and Social Security numbers.
Bob Gregg, chief executive of Portland, Ore.-based ID Experts. said health-care providers are increasingly facing attacks from criminal organizations that resell the information for profit. According to Gregg. a record containing a name, address and Social Security number sells for $1 to $3 on the black market but detailed medical records with unique patient identifying numbers can fetch up to $100 per record.
Banner Health has established a website that details information about the data breach at http://bannersupports.com. Patients or other customers who have questions or concerns about the cyberattack can call 1-855-223-4412.
References
- Ken Alltucker. Banner Health cyberattack breaches up to 3.7 million records. Arizona Republic. August 3, 2016. Available at: http://www.azcentral.com/story/money/business/health/2016/08/03/banner-health-cyberattack-breaches-up-3-7-million-records/88035474/ (accessed 8/6/16).
- Robbins RA. Banner prints social security numbers. Southwest J Pulm Crit Care. 2014;8(2):140-1. [CrossRef]
Cite as: Robbins RA. Banner hacked-3.7 million at risk. Southwest J Pulm Crit Care. 2016;13(2):80-1. doi: http://dx.doi.org/10.13175/swjpcc075-16 PDF
Reader Comments (1)
Banner Health Cyberattack Draws Class-Action Suit
Ophthalmologist Dr. Howard Chen is the lead plaintiff in a class-action lawsuit against Banner Health over the massive data breach the health system disclosed last week according to Modern Healthcare. The breach is the eighth-largest in healthcare history since federal record-keeping began in 2009. The complaint alleges the credit and identity theft protections Banner has offered to breach victims are inadequate and that the system was negligent in allowing the data to be compromised, according to a report in the Arizona Republic. He is represented by Hagens Berman Sobol Shapiro, a law firm specializing in class-action suits.
The previous norm of one year of credit protection has been supplanted in some instances by two years of protection. Last year Blue Cross and Blue Shield plans announced it would begin offering free perpetual credit care and fraud protection to all of their members by Jan. 1, 2016.