Skip to main content

Millions Of Banner Health Members Affected By Latest Security Breach

By August 12, 2016March 2nd, 2023Blog, Cybersecurity

MillionsXOfXBannerXHealthXMembersXAffectedXByXLatestXSecurityXBreachBanner Health, based in Phoenix, AZ, has the dubious honor as having been the recipient of the largest healthcare related data breach so far in 2016. The cyberattack was launched on June 17, and potentially impacts 3.7 million Banner Health patients.

Not only is the number of patient records exposed noteworthy and disconcerting, but so is the sheer volume of patient data the hackers were able to access, which includes patient names and addresses, doctors’ names, a variety of clinical information, dates of service, social security numbers, and information about the health insurance each of the patients has on file.

If that wasn’t bad enough, a spokesman for Banner Health also said that DEA numbers, tax identification numbers, national provider ID numbers, and provider names and address could have been compromised, making the breach one of the most all-encompassing we’ve seen in recent times.

Almost any consumer data has value on the black market, but this level of granularity means that the data will almost certainly fetch a premium on the Darknet. It gets worse though. Banner Health also maintains a number of in-house food and beverage stations on their properties, and these accept credit card payments. It is likely that anyone using any of these outlets between June 23 and July 7 has had their credit card information compromised as well.

Even more damaging, this isn’t the first time that Banner Health has been targeted. In February, 2014, the company suffered a similar breach that exposed the personal information of more than 50,000 people. Although steps were taken at that time to shore up security, it is now apparent that the measures taken were not nearly enough.

Early indications are that the as yet unidentified group responsible for this most recent breach also targeted other health care firms back in March and April of this year. That’s doubly worrisome, because health care information is subject to some of the most stringent protections and safeguards found anywhere, and if these attacks were indeed carried out by the same group, then it’s a clear demonstration of their power. PHI is protected in ways that go far beyond typical industry standards for data security.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.