Banner Health Cyberattack Impacts 3.7 Million People

Joseph Conn | Modern Healthcare | August 3, 2016

Banner Health is contacting 3.7 million individuals whose personal information may have been accessed in a cyberattack that began on systems that process credit card payments for food and beverage purchases at Banner locations. The breach then expanded to include patient and health plan information. The Phoenix-based health system, with locations in Alaska, Arizona, California, Colorado, Nebraska, Nevada and Wyoming, first learned of the attack on July 7, according to a company statement.

Around June 23, the attack began to target data from credit cards, including the cardholders' names, card numbers, expiration dates and verification codes. By July 13, an investigation revealed that the attackers “may have gained unauthorized access to patient information, health plan member and beneficiary information, as well as information about physician and healthcare providers,” the statement said. “The patient and health plan information may have included names, birth dates, addresses, physicians' names, dates of service, claims information, and possibly health insurance information and Social Security numbers.”

Banner announced Wednesday that it is mailing letters to 3.7 million patients, health plan members and food service customers about the attack. The system has also hired a computer forensics firm, contacted law enforcement officials and is taking steps to prevent further attacks. Bill Byron, vice president of public relations for Banner, said there was no evidence the information has been misused in any way. He added that further details may not be forthcoming...