Banner Health suffers massive cyberattackReprints
Banner Health is contacting 3.7 million individuals whose personal information may have been accessed in a cyberattack that started on systems that process credit card payments for food and beverage purchases at Banner locations.
The breach then expanded to include patient and health plan information.
The health system, with locations in Alaska, Arizona, California, Colorado, Nebraska, Nevada and Wyoming, first learned of the attack on July 7, a company statement said. Around June 23, the attack began to target data from credit cards, including the card holders' names, card numbers, expiration dates and verification codes.
By July 13, an investigation revealed that the attackers “may have gained unauthorized access to patient information, health plan member and beneficiary information, as well as information about physician and healthcare providers,” the statement said. “The patient and health plan information may have included names, birthdates, addresses, physicians' names, dates of service, claims information, and possibly health insurance information and social security numbers.”
Banner announced Wednesday that it is mailing letters to 3.7 million patients, health plan members and food services customers about the attack. The health system has also hired a computer forensics firm, contacted law enforcement officials and is taking steps to prevent further attacks.
A list of the outlets that were affected can be found here.
Joseph Conn writes for Modern Healthcare, a sister publication of Business Insurance.