A news release from Banner said that financial information of “patients, health plan members and beneficiaries, food and beverage customers and physicians and healthcare providers” may have been accessed.
Advertisement
Information accessed may include names, birthdates, social security numbers, addresses, dates of service and claims information, and health insurance information for current or former members of one of their health plans, or as a beneficiary of a Banner Health employee benefits plan.
Cyberattackers gained access to “a limited number” of Banner Health computer servers, including the servers that process payment card information where food and beverages are sold at the Phoenix-based health system.
Payment cards used at food and beverage outlets at certain Banner Health locations during the two-week period between June 23, 2016 and July 7, 2016 may have been affected.
Banner Health operates in Alaska, Arizona, California, Colorado, Nebraska, Nevada and Wyoming.
The system stated an internal investigation found the attack began on June 17.
Check back to azcentral.com for updates.
The potentially compromised information about physicians and providers included names, addresses, dates of birth, Social Security numbers and other identifiers, according to the news release. “Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data”.
“Customers should be assured that they can confidently use payment cards at Banner Health food and beverage outlets”, a Banner Health statement said.
The health care provider said it is working to both step up security measures and alert banks so affected cards can be monitored.
Advertisement
It warned customers of its food and beverage locations to review their payment card statements for any unauthorized activity, stating that payment card rules generally provide that cardholders are not responsible for timely-reported unauthorized charges. Banner is offering a free one-year membership to a monitoring service for those whose information may have been compromised.
