Dive Brief:
- Dr. Howard Chen, a former Banner Thunderbird Medical Center employee, recently filed a class-action lawsuit against Banner Health, The Arizona Republic reported.
- Banner Health last week announced it had reached out to 3.7 million individuals to warn them that their personal information may have been compromised as a result of a cyberattack.
- The suit alleges Banner was negligent by failing to provide sufficient data security policies.
Dive Insight:
In a statement Banner Health released last Wednesday, the nonprofit health system noted it discovered the possibility that cyberattackers gained access to information stored on some of the system's servers as well as systems that process credit card payments at some of Banner Health's food and beverage locations.
According to the company's statement, Banner Health discovered the cyberattack threat on July 7. While the attack began on June 17, from June 23 through July 7, credit/debit cards at some of Banner's food and beverage outlets may have been affected by the attack.
Banner Health reported that on July 13, it had learned the attackers may have gained access to patient information, health plan membership information as well as certain personal information of providers.
Chen worked at the center from 2010 to 2013 but is still concerned his personal health data is at risk, according to The Arizona Republic.
"Banner's negligence affected millions of people," Rob Carey, the filing attorney, was quoted in Becker's Hospital Review. "It's not enough to offer a skimpy 'fix' — the law requires Banner remedy the serious risks it created for its stakeholders."
This year has presented an ever-deepening well of healthcare cybersecurity fails to be held up as cautionary tales for other organizations. There was the Hollywood Presbyterian Medical Center ransomware incident where the organization paid $17,000 to regain control of their systems. In March, MedStar Health was forced to shut down its computer network for several days related to a cyberattack.
While continuous system-monitoring and updates to IT systems are good common sense precautions against data breaches, this lawsuit highlights it could cost an organization if its reacts to attacks instead of proactively getting in front of potential cyberbreaches.