Skip to content Skip to navigation

Doctor Files Lawsuit against Banner Health Following Major Data Breach

August 10, 2016
by Rajiv Leventhal
| Reprints

A Glendale, Az.-based doctor is suing Banner Health after the health system last week acknowledged a cyberattack that compromised the personal information of about 3.7 million individuals.

According to a report in The Arizona Republic, Phoenix-based law firm Hagens Berman Sobol Shapiro filed a class-action lawsuit in Maricopa County Superior Court on behalf of Dr. Howard Chen, M.D., who works at Banner Thunderbird Hospital in Glendale, according to a statement from the firm.

Last week, Banner Health sent out letters to some 3.7 million people about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations. The attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems. Payment cards used at food and beverage outlets at certain Banner Health locations during the two-week period between June 23 and July 7 may have been affected, according to Banner officials.

Then, in July, Banner Health learned that the cyber attackers may have indeed gained unauthorized access to patient information, health plan member and beneficiary information, as well as information about physician and healthcare providers. The patient and health plan information may have included names, birthdates, addresses, physicians. How the hack expanded from certain food and beverage outlets to patient information systems is currently unclear. Nonetheless, Banner offered a free one-year membership in monitoring services to patients, health plan members, health plan beneficiaries, physicians and healthcare providers, and food and beverage customers who were affected by this incident.

But, according to The Arizona Republic story, Chen’s lawyers accused Banner of negligence in allowing the breach to occur and argued the one year of credit monitoring already offered by one of the largest healthcare systems in the U.S was inadequate. “He'll be asking for a more robust package," Carey said. He added in a statement, “Banner’s negligence affected millions of people,” per the report. “It’s not enough to offer a skimpy 'fix' — the law requires Banner remedy the serious risks it created for its stakeholders.”

Currently on staff at Banner Thunderbird Hospital, Chen also worked at the Banner Arizona Medical Center from 2010 to 2013. He utilized the insurance Banner provided during his employment and worries his data is at risk, according to the lawsuit.

The health system said that it “worked quickly to block the attackers and is working to enhance the security of its systems in order to help prevent this from happening in the future.” Still, the lawsuit alleges negligence on Banner's part due to “insufficient” data security policies and failing to prevent the hack. “Personal and financial information is a valuable commodity,” states the lawsuit. “A ‘cyber black-market’ exists in which criminals openly post stolen credit card numbers, Social Security numbers and other personal information on a number of Internet websites.”

Peter S. Fine, Banner Health president and CEO, said in a statement following the acknowledgement of the breach that “Banner is committed to maintaining the privacy and security of information of our patients, employees, plan members and beneficiaries, customers at our food and beverage outlets, as well as our providers.”



Insurers to CBO: Consider Private Insurers’ Data in Evaluations of Telemedicine

Eleven private insurers, including Aetna, Humana and Anthem, are urging the Congressional Budget Office (CBO) to consider the experience of commercial insurers when evaluating the impact of telemedicine coverage in Medicare.

AHRQ Developing New Patient Safety Surveillance Tool

With the aim of improving patient safety monitoring, the Agency for Healthcare Research and Quality (AHRQ) within the U.S. Department of Health and Human Services (HHS) is currently developing and testing an improved patient safety surveillance system.

Gates Foundation Awards $210M to UW's Population Health Initiative

The Bill and Melinda Gates Foundation is awarding $210 million to Seattle-based University of Washington’s Population Health Initiative, with the funds going toward the construction of a new building to serve as the initiative’s hub.

AHA Offers Interoperability Standards Recommendations to ONC

The American Hospital Association (AHA) has offered feedback to the ONC on the agency’s draft Interoperability Standards Advisory (ISA) that it issued in August.

Survey: Healthcare Orgs Not Taking Mobile Security Seriously Enough

More than half (56 percent) of healthcare professionals believe their organization could be doing more to educate employees on HIPAA compliance and the rules around sharing protected health information.

Mount Sinai’s Research Arm Using Data Analytics to Address Health Inequities

The Arnhold Institute for Global Health at the Icahn School of Medicine at Mount Sinai is partnering with DigitalGlobe to create the Health Equity Atlas Initiative (ATLAS), a platform that standardizes and maps population data in order to generate insights that address health inequities.