When Your Customers Suffer: The Banner Health Breach

According to Bank Info Security, Arizona-based Banner Health recently suffered a breach large enough to notify their 3.7 million customers.

Banner, which operates 29 hospitals, discovered the attack on July 7^th. The attackers gained access through payment card processing systems in some of their food and beverage outlets, after doing so the attackers also found a  door left open allowing access to  clients’ healthcare information.

As Bank Info Security notes, the hack “exposed cardholders’ names, card numbers, expiration dates and verification codes as the data was being routed through the affected systems. Cards used at affected outlets between June 23 and July 7 were affected. Card transactions used to pay for medical services were not affected.”

The full list of affected items has yet to be officially determined, but Banner Health has stated it could include the following:

• Patient names, birthdates and addresses
• Physician names
• Dates of service
• Claims information
• Health insurance information
• Social Security numbers

Banner Health announced that they are “offering a free one-year membership in identity monitoring services to patients, health plan members, health plan beneficiaries, physicians, healthcare providers, and food and beverage customers who were affected by this incident.”

What to Learn

Breaches like this are nothing new, as Bank Info Security notes, even though they seldom receive media exposure that matches the gravity of the attack. Instead, only when huge corporations like Target suffer public breaches does the general public hear about it. But attackers don’t just want bank or credit card information found in the records of giant retailers. There is a whole wealth of information found in the systems of healthcare businesses that is more than worth the effort of attackers and which businesses must recognize and take steps to protect.

Basically, if something is connected to your system, then that access point is at risk of attack and the entirety of your information can be compromised. Protection and prevention therefore must be emphasized, starting with a thorough audit of your organization’s security posture on all levels – from back-end sources like server and network testing to front-end social engineering evaluations. BAI Security specializes in IT Security Assessments that discover these weak points in your systems before attackers do.

When it comes to protecting your organization, there’s no excuse for suffering a breach like the one Banner Health just suffered. Take the steps to secure your business, and avoid the loss of customer trust that follows these breaches.