Dive Brief:
- Banner Health is reaching out to 3.7 million individuals to warn them that their personal information may have been compromised as a result of a cyberattack, Modern Healthcare reported.
- In a statement Banner Health released on Wednesday, the nonprofit health system noted it discovered the possibility that cyberattackers gained access to information stored on some of the system's servers as well as systems that process credit card payments at some of Banner Health's food and beverage locations.
- The system stated an internal investigation found the attack began on June 17.
Dive Insight:
According to the company's statement, Banner Health discovered the cyberattack threat on July 7. While the attack began on June 17, from June 23 through July 7, credit/debit cards at some of Banner's food and beverage outlets may have been affected by the attack.
Banner Health reported that on July 13, it had learned the attackers may have gained access to patient information, health plan membership information as well as certain personal information of providers. Such information for both patient and providers could have included names, birthdates and social security numbers, Banner stated.
Banner Health has operations in seven states: Alaska, Arizona, California, Colorado, Nebraska, Nevada and Wyoming. The cyberattack did not affect all Banner Health patients.
Time to buckle down on security
Cybersecurity is not a new topic in healthcare. For example, last November Stephen Cobb, senior security researcher from ESET, told Healthcare Dive that healthcare data is a rich source of data hackers can use for other means.
But this year in particular has presented an ever-deepening well of healthcare cybersecurity fails to be held up as cautionary tales for other organizations. There was the Hollywood Presbyterian Medical Center ransomware incident where the organization paid $17,000 to regain control of their systems. In March, MedStar Health was forced to shut down its computer network for several days related to a cyberattack. In June, a hacker put 9.3 million health records up for sale on the internet.
The government took notice early this year. President Obama proposed more than $19 billion for cybersecurity initiatives in the 2017 budget proposal. In the fact sheet, the administration called out insurers and other healthcare stakeholders to "take new and significant steps to enhance their data stewardship practices and ensure that consumers can trust that their sensitive health data will be safe, secure, and available to guide clinical decision-making."
Just last week, HHS announced funding opportunities to improve information exchange around cyberthreats in healthcare organizations' health IT systems. Next year, HHS will spend up to $250,000 and funding could be renewed for up five years.
It would benefit healthcare organizations and IT system administrators to monitor and update their cybersecurity initiatives as healthcare cyberattacks continue to make headlines and affect a large number of patients/individuals.