Banner Health has reported that a massive data hack beginning June 17 has affected the records of as many as 3.7 million individuals who were patients, health insurance plan members, food and drink customers, doctors, and others.
Two different attacks were uncovered. "Suffice to say, this was a group of extremely sophisticated hackers," Bill Byron, Banner Health spokesman
told AZCentral.
"We are still in the process of trying to determine what the scope is," Byron added.
Later, he
told the Coloradoan, "We know it is extensive throughout the network.”
Banner is Arizona's biggest health care provider.
Banner Health is mailing letters to those impacted, related to the cyber attack, it announced in a statement. In addition it “immediately launched an investigation, hired a leading forensics firm, took steps to block the cyber attackers, and contacted law enforcement.”
The attack was unearthed by Banner on July 7, 2016, when it determined that attackers may have gained unauthorized access to computer systems that process payment card data at food and beverage outlets at some Banner Health locations.
“The attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems,” it stated.
The attack may have acquired cards used at food and beverage outlets at certain Banner Health locations during the two-week period between June 23 and July 7, 2016. But attackers failed to breach the system housing payment card data used for medical services.
However, also on July 13, 2016, Banner determined that patient information, health plan member and beneficiary information, as well as information about physician and health care providers may also have been compromised.
This could have included names, birth dates, addresses, physicians’ names, dates of service, claims information, and possibly health insurance information and social security numbers.
As has become routine in such situations, Banner Health is offering a free one-year membership in monitoring services to those whose data may have been compromised.
“The Banner Health attack is the latest and largest among 32 known data breaches involving Arizona-based health and medical providers since 2010,” according to AZCentral.
Medical records are high-value targets for thieves as they allow them to fraudulently bill insurers, Bob Gregg, chief executive of Portland, Oregon-based ID Experts, told the news site.
"Most Americans don't understand what goes on their medical records," Gregg said. "It's a treasure trove of information" for hackers seeking to profit from stolen identities.
He told the the site that a name, address and Social Security number might only be worth $1-$3 dollars on the black market, but a medical record could go for $100.
The locations that were breached, according to Banner, include one in Alaska, one in Wyoming, five in Colorado and 20 in Arizona.
