Banner Health is the latest major health system to fall victim to cyberattacks, but this incident doesn’t seem to have targeted only patient records. Instead, at least one hack hit food and beverage stations at Banner facilities in four states.
The Phoenix-based organization disclosed Wednesday that it is contacting 3.7 million people — patients, health plan members, clinicians and visitors who purchased food and beverages at many locations.
Banner said that it discovered July 7 that hackers “may have gained unauthorized access to computer systems that process payment card data at food and beverage outlets” between June 23 and July 7. The attack sought credit and debit card information at 27 food stands in Arizona, Alaska, Colorado and Wyoming.
On July 13, Banner Health then discovered a breach of patient, beneficiary and staff data that the organization said began June 17. According to the health system:
The patient and health plan information may have included names, birthdates, addresses, physicians’ names, dates of service, claims information, and possibly health insurance information and social security numbers, if provided to Banner Health. The physician and provider information may have included names, addresses, dates of birth, social security numbers and other identifiers they may use.
Banner Health said it stopped accepting electronic payment cards for food and beverage for an unspecified time period, but that it has since gone back to accepting credit and debit cards.
A Deep-dive Into Specialty Pharma
A specialty drug is a class of prescription medications used to treat complex, chronic or rare medical conditions. Although this classification was originally intended to define the treatment of rare, also termed “orphan” diseases, affecting fewer than 200,000 people in the US, more recently, specialty drugs have emerged as the cornerstone of treatment for chronic and complex diseases such as cancer, autoimmune conditions, diabetes, hepatitis C, and HIV/AIDS.
Banner will offer a year of credit monitoring to the 3.7 million people affected by these breaches. The organization has set up a website and a hotline (855-223-4412) to answer questions about the incidents.
Photo: University of Arizona
