Sponsored by

Note: This story is more than 3 years old.

Banner Health data breach exposes info on 3.7 million

A hack of data held by Banner Health — the operator of the former University Medical Center in Tucson — has put information on about 3.7 million people at risk. The company is sending letters to patients, health plan members and beneficiaries, food and beverage customers and physicians and healthcare providers telling them of the data breach.

Banner-run hospitals in Tucson were among the targeted locations.

Banner, a Phoenix-based nonprofit with operations in seven states, disclosed the data breach Wednesday. The organization merged with the former University of Arizona-run hospitals in Tucson and Phoenix in 2015, taking over management.

Systems containing patient medical records, insurance information and credit card data from cafeteria customers were hacked in two incidents over several weeks this summer, the company said Wednesday afternoon.

On July 7, Banner "discovered that cyber attackers may have gained unauthorized access to computer systems that process payment card data at the food and beverage outlets at some of our Banner Health locations," company officials said.

According to Banner, "the attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems. Payment cards used at food and beverage outlets at certain Banner Health locations during the two week period between June 23, 2016 and July 7, 2016 may have been affected."

On July 13, Banner found that hackers had targeted computer system containing health information, beginning on June 17. Data exposed may have included "patients’ names, birthdates, addresses, physicians’ names, dates of service, clinical information, possibly health insurance information, and social security numbers if one was provided to Banner Health," officials said.

The company said it will provide credit-monitoring services to those whose data may have been exposed.

Among other information that may have been exposed are the Drug Enforcement Agency numbers assigned to doctors.

Banner said it was "reaching out by mail directly to all potentially impacted people for whom we have contact information to share information of this incident and to make them aware of the free protections we are offering them as a result." Anyone who does not receive a letter by Sept. 9 and has concerns about potential data exposure should call Banner at 1-855-223-4412, the company said.

In addition to Arizona, Banner operates facilities in Alaska, California, Colorado, Nebraska, Nevada and Wyoming.

- 30 -
have your say   

Comments

There are no comments on this report. Sorry, comments are closed.

Sorry, we missed your input...

You must be logged in or register to comment

Consumer protection tips

From Arizona Attorney General Mark Brnovich:

Consumers who receive a data breach notification from Banner Health indicating their personally identifiable information may have been accessed can take the following steps to protect themselves from becoming a victim of identity theft:

  • Contact their bank and/or credit card company and request a new card.
  • Regularly review debit and/or credit card transactions.
  • Get a free credit report from the 3 credit reporting agencies to check for any unauthorized accounts and charges.  Consumers should continually monitor their credit reports.
  • Place a credit freeze on their accounts.
  • Beware of scam calls.  (Someone may have some of their personal information so it’s important that they not assume a telephone call is legitimate just because the caller has some of their personal information.)