After a major security breach, Banner Health Systems had to contact 3.7 million customers to inform them their information may have been compromised by hackers.
The cyberattack originally targeted systems that process food purchases at company facilities. Through that breach, hackers were able to infiltrate the company's far more valuable health records.
"The patient and health plan information (compromised) may have included names, birth dates, addresses, physicians' names, dates of service, claims information, and possibly health insurance information and Social Security numbers," the company said in a statement.
Recommended For You
The Phoenix-based company learned of the attack in early July, two weeks after it began. On Wednesday, it announced that it would mail letters to its customers, offering them a "free one-year membership in monitoring services to patients, health plan members, health plan beneficiaries, physicians and healthcare providers, and food and beverage customers who were affected by this incident."
The Banner Health hacking is one of the most severe health-related cyberattacks in recent memory, but it was hardly a surprise to cybersecurity experts, who have been warning of the risk to health records by hackers for years. Health records, say experts, are a more profitable asset to fraudsters than credit card numbers.
"It is perfect for ID theft," Nicola Fulford, an attorney who deals with identity theft issues, told the BBC. "You have everything you need to make fraudulent health insurance claims, for example."
The concerns have become mainstream in the wake of a number of prominent incidents. One notable hacking resulted in Hollywood Presbyterian Medical Center in Los Angeles paying a $17,000 to hackers who had infiltrated the hospital's computer system with a "ransomware," which demands payment in bitcoins, the cybercurrency. The sum of money meant little to the hospital, but the payment prompted predictable concerns that negotiations with hackers would only encourage further attacks.
PBS reported earlier this year that in 2015 alone, 113 million health records were compromised by cyberattacks.
Some also argue that the aggressive push to implement electronic health records by the Obama administration hit providers too hard, too fast, and was not accompanied by enough training or awareness of cybersecurity.
The administration and Congress have been exploring solutions to improve security for the health care system. In March, the Department of Health and Human Services announced the creation of a task force, composed of government and industry leaders, dedicated to coming up with ways to bolster security. Congress is currently considering a bipartisan bill that would establish a position within the department specifically focused on cybersecurity.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
