The largest data breach so far in 2016 happened recently when hackers obtained information on 3.7 million patients and others from the computer servers of Banner Health, based in Phoenix. The breach included not just financial data, but also sensitive information such as Drug Enforcement Agency (DEA) numbers, tax identification numbers, and national provider identifier numbers.
The breach included the servers that process payment card information where food and beverages are sold in Banner facilities. The compromised information includes patient names, addresses, birthdates, physician names, dates of service, clinical information, health insurance information, and Social Security numbers, according to Banner’s announcement of the breach. Claims information from Banner’s health insurance programs and employee benefit records also may have been taken, along with provider names and addresses.
Banner Health released a list of 27 food and beverage locations where the hackers had access to payment card data from June 23 to July 7. When the breach was discovered, Banner temporarily stopped accepting credit and debit cards at those locations until the system was deemed secure again. In addition to offering free credit and identity monitoring to those affected, Banner notified the DEA and providers’ licensing boards of the incident because the compromised DEA numbers and national provider numbers could be used fraudulently and connected to the license holders.