Doctor Files Lawsuit against Banner Health Following Major Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Doctor Files Lawsuit against Banner Health Following Major Data Breach

August 10, 2016
by Rajiv Leventhal
| Reprints

A Glendale, Az.-based doctor is suing Banner Health after the health system last week acknowledged a cyberattack that compromised the personal information of about 3.7 million individuals.

According to a report in The Arizona Republic, Phoenix-based law firm Hagens Berman Sobol Shapiro filed a class-action lawsuit in Maricopa County Superior Court on behalf of Dr. Howard Chen, M.D., who works at Banner Thunderbird Hospital in Glendale, according to a statement from the firm.

Last week, Banner Health sent out letters to some 3.7 million people about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations. The attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems. Payment cards used at food and beverage outlets at certain Banner Health locations during the two-week period between June 23 and July 7 may have been affected, according to Banner officials.

Then, in July, Banner Health learned that the cyber attackers may have indeed gained unauthorized access to patient information, health plan member and beneficiary information, as well as information about physician and healthcare providers. The patient and health plan information may have included names, birthdates, addresses, physicians. How the hack expanded from certain food and beverage outlets to patient information systems is currently unclear. Nonetheless, Banner offered a free one-year membership in monitoring services to patients, health plan members, health plan beneficiaries, physicians and healthcare providers, and food and beverage customers who were affected by this incident.

But, according to The Arizona Republic story, Chen’s lawyers accused Banner of negligence in allowing the breach to occur and argued the one year of credit monitoring already offered by one of the largest healthcare systems in the U.S was inadequate. “He'll be asking for a more robust package," Carey said. He added in a statement, “Banner’s negligence affected millions of people,” per the report. “It’s not enough to offer a skimpy 'fix' — the law requires Banner remedy the serious risks it created for its stakeholders.”

Currently on staff at Banner Thunderbird Hospital, Chen also worked at the Banner Arizona Medical Center from 2010 to 2013. He utilized the insurance Banner provided during his employment and worries his data is at risk, according to the lawsuit.

The health system said that it “worked quickly to block the attackers and is working to enhance the security of its systems in order to help prevent this from happening in the future.” Still, the lawsuit alleges negligence on Banner's part due to “insufficient” data security policies and failing to prevent the hack. “Personal and financial information is a valuable commodity,” states the lawsuit. “A ‘cyber black-market’ exists in which criminals openly post stolen credit card numbers, Social Security numbers and other personal information on a number of Internet websites.”

Peter S. Fine, Banner Health president and CEO, said in a statement following the acknowledgement of the breach that “Banner is committed to maintaining the privacy and security of information of our patients, employees, plan members and beneficiaries, customers at our food and beverage outlets, as well as our providers.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Survey: Infrastructure, Interoperability Key Barriers to Global HIT Development

A new survey report from Black Book Research on global healthcare IT adoption and records systems connectivity finds nations in various phases of regional electronic health record (EHR) adoption. The survey results also reveal rapidly advancing opportunities for U.S.-based and local technology vendors.

Penn Medicine Opens Up Telehealth Hub

Philadelphia-based Penn Medicine has opened its Center for Connected Care to centralize the health system’s telemedicine activities.

Roche to Pay $1.9B for Flatiron Health

Switzerland-based pharmaceutical company Roche has agreed to pay $1.9 billion to buy New York-based Flatiron Health Inc., which has both an oncology EHR and data analytics platform.

Financial Exec Survey: Interoperability Key Obstacle to Value-Based Payment Models

Momentum continues to grow for value-based care as nearly three-quarters of healthcare executives report their organizations have achieved positive financial results from value-based payment programs, to date, according to a new study from the Healthcare Financial Management Association (HFMA).

Cerner, Children's National to Help UAE Pediatric Center with Health IT

Al Jalila Children's Specialty Hospital, the only pediatric hospital in the United Arab Emirates, has entered into an agreement with Washington, D.C.-based Children's National Health System to form a health IT strategic partnership.

Telemedicine Association Names New CEO

The American Telemedicine Association (ATA) has named Ann Mond Johnson its new CEO, replacing Jon Linkous who stepped down suddenly last August after 24 years as the organization’s CEO.