3.7 million at risk in Banner cyberattack

Banner Health has suffered a massive cyberattack potentially affecting 3.7 million individuals, including patients, health plan members and beneficiaries, providers, and even those who bought food and beverages with a payment card.

The hackers hit a “limited” number of computer services as well as the computer systems that process food and beverage purchases.

Phoenix-based Banner said the attack was discovered on July 13, with indications suggesting that it had started on June 17. All affected individuals are being offered one year of credit/identity protection services from Kroll.

Banner on behalf of providers is notifying the Drug Enforcement Agency and providers’ licensing boards.

bannercardonchildrens-CROP (2).jpg
photo provided by Krista Hilker

Patient data compromised could include names, birth dates, addresses, Social Security numbers, physician names, dates of service, clinical information and possibly health insurance information, according to the organization.

Compromised provider information could include names, addresses, dates of birth, DEA numbers, Tax Identification numbers, National Provider Identifiers and Social Security numbers.

Health plan member and beneficiary information at risk could include names, birth dates, Social Security numbers, addresses, dates of service and claims information, and health insurance information.

In Banner’s statement on the incident, the delivery system now says payment cards can be used with confidence at its food and beverage facilities.

For reprint and licensing requests for this article, click here.