3.7 Million People Hit in Massive Banner Health Breach

The largest healthcare breach of 2016 has hit Phoenix-based Banner Health, potentially affecting 3.7 million.

The victims include patients, Banner health plan members and beneficiaries, and even food and beverage customers and providers.

The cyberattack was initiated June 17, and the amount of data that the thieves were able to access is startling: It includes patient names, addresses, birthdates, physician names, dates of service, clinical information, health insurance information and Social Security numbers. For those enrolled in a Banner health plan, claims information, insurance information and employee benefit information may also have been affected, along with provider names, addresses, Drug Enforcement Agency numbers, tax identification numbers and national provider identifier numbers may have also been impacted.

“Patient data has real value on the black market, and hospitals are in the hackers' cross hairs,” said Csaba Krasznay, product manager at Balabit. “Every healthcare institution must realize that their patients' data is their most valuable data, and serious protection means, at the least, the introduction of the same security measures now protecting other sectors, with special attention to internal users whose stolen credentials are usually used in cyberattacks. From an IT security perspective, healthcare is one of the most interesting sectors, because so much sensitive personal data—such as previous diseases, drug usage habits, etc.—resides in digital format—often without proper security measures.”

On top of the personal information, the hackers also targeted payment card data; cards used at 27 food and beverage outlets between June 23 and July 7 may be affected by the attack.

“Hackers desire access to all parts of a healthcare enterprise, including the payment card areas of the food and beverage networks, the electronic medical record systems, and most every other part of the internal network including email and database systems,” said John Christly, CISO, Netsurion, via email. “The more data that can be taken before anyone notices, the better for the hackers, who can then use the data they have taken for profit or for additional attacks on that same customer—or other services where users may be using the same passwords.”

Andrew Komarov, chief intelligence officer at InfoArmor, said that threat intelligence information shows that the incident may be related to the same group that previously attacked several US-based healthcare institutions in March and April. He also told us that as of August 4, the stolen data is not available for sale in the underground.

Banner Health’s members have had data exposed in the past. In February 2014, Banner Health accidentally exposed personal information on more than 50,000 people when their Medicare and Social Security numbers showed up on magazine address labels.

For businesses like these that handle vast amounts of personal information, it “would be ideal to have file integrity monitoring tools, security information event management (SIEM), and integrated threat intelligence data coupled with the advanced firewall and segregated network design to help prevent, detect and respond to any issues that may happen in the future,” Christly added.

Healthcare breaches show no sign of waning; earlier this week Ohio Health saw the compromise of 100,000 documents.

Photo © wk1003mike

What’s Hot on Infosecurity Magazine?