14 DAY TRIAL // Three days after announcing a data breach that might have potentially affected a whopping 3.7 million patients, a US-based healthcare provider was sued for negligence by one of its employees in a class-action lawsuit.
On August 3, 2016, Banner Health, an Arizona-based healthcare provider, announced that it detected a security breach on its network and that it would be notifying patients, doctors, and staff of a data breach that exposed personal and/or financial details.
Hackers compromised payment processing system
The healthcare provider said that its IT department detected on July 7 that a third-party had compromised the payment processing systems used by food and beverage outlets at Banner Health locations in Alaska, Arizona, Colorado, and Wyoming.
The company claimed the hackers managed to steal cardholder name, card number, expiration date, and internal verification codes, but patients who paid for medical services were not affected.
Six days later, on July 13, the company also announced it detected a breach of its servers that exposed the personal details of patients.
Hackers also stole patient records
Banner Health explained the exposed data might have included names, dates of birth, addresses, physicians’ names, dates of service, claims information, health insurance information, social security numbers, and other identifiers.
The company said its servers were compromised on June 17 while the crooks penetrated the payment systems on June 23.
Three days after the announcement, on August 6, Dr. Howard Chen, an employee of the Banner Thunderbird Hospital in Glendale, filed a class-action lawsuit against Banner Health, accusing the company of negligence and asking for better compensation, AZCentral reports.
Banner Health offered one year of free credit card monitoring. Dr. Chen considers that this was inadequate and is asking for identity protection services as well.
In the last year, medical information has become a hot product on the Dark Web. In the last 50 days, a hacker known as TheDarkOverlord has put up for sale almost 10 million patient records belonging to US citizens.