Rajiv Leventhal reports:
Phoenix-based Banner Health, one of the largest healthcare systems in the U.S., announced on August 3 that it is notifying approximately 3.7 million individuals about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations.
The incident was discovered by Banner Health on July 7, though the attack was initiated on June 17, according to the health system’s press release. The attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems. Payment cards used at food and beverage outlets at certain Banner Health locations during the two-week period between June 23 and July 7 may have been affected. The investigation revealed that the attack did not affect payment card payments used to pay for medical services, the organization said.
Then, on July 13, Banner Health learned that the cyber attackers may have indeed gained unauthorized access to patient information, health plan member and beneficiary information, as well as information about physician and healthcare providers. The patient and health plan information may have included names, birthdates, addresses, physicians’ names, dates of service, claims information, and possibly health insurance information and social security numbers, if provided to Banner Health. The physician and provider information may have included names, addresses, dates of birth, social security numbers and other identifiers they may use.
Read more on Healthcare Informatics.
Banner Health has created a support site for the breach.
Don’t be surprised to see individual hospitals make their own announcements, like Fairbanks Memorial Hospital did (see KTUU report).