Doctor Files Lawsuit against Banner Health Following Major Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Doctor Files Lawsuit against Banner Health Following Major Data Breach

August 10, 2016
by Rajiv Leventhal
| Reprints

A Glendale, Az.-based doctor is suing Banner Health after the health system last week acknowledged a cyberattack that compromised the personal information of about 3.7 million individuals.

According to a report in The Arizona Republic, Phoenix-based law firm Hagens Berman Sobol Shapiro filed a class-action lawsuit in Maricopa County Superior Court on behalf of Dr. Howard Chen, M.D., who works at Banner Thunderbird Hospital in Glendale, according to a statement from the firm.

Last week, Banner Health sent out letters to some 3.7 million people about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations. The attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems. Payment cards used at food and beverage outlets at certain Banner Health locations during the two-week period between June 23 and July 7 may have been affected, according to Banner officials.

Then, in July, Banner Health learned that the cyber attackers may have indeed gained unauthorized access to patient information, health plan member and beneficiary information, as well as information about physician and healthcare providers. The patient and health plan information may have included names, birthdates, addresses, physicians. How the hack expanded from certain food and beverage outlets to patient information systems is currently unclear. Nonetheless, Banner offered a free one-year membership in monitoring services to patients, health plan members, health plan beneficiaries, physicians and healthcare providers, and food and beverage customers who were affected by this incident.

But, according to The Arizona Republic story, Chen’s lawyers accused Banner of negligence in allowing the breach to occur and argued the one year of credit monitoring already offered by one of the largest healthcare systems in the U.S was inadequate. “He'll be asking for a more robust package," Carey said. He added in a statement, “Banner’s negligence affected millions of people,” per the report. “It’s not enough to offer a skimpy 'fix' — the law requires Banner remedy the serious risks it created for its stakeholders.”

Currently on staff at Banner Thunderbird Hospital, Chen also worked at the Banner Arizona Medical Center from 2010 to 2013. He utilized the insurance Banner provided during his employment and worries his data is at risk, according to the lawsuit.

The health system said that it “worked quickly to block the attackers and is working to enhance the security of its systems in order to help prevent this from happening in the future.” Still, the lawsuit alleges negligence on Banner's part due to “insufficient” data security policies and failing to prevent the hack. “Personal and financial information is a valuable commodity,” states the lawsuit. “A ‘cyber black-market’ exists in which criminals openly post stolen credit card numbers, Social Security numbers and other personal information on a number of Internet websites.”

Peter S. Fine, Banner Health president and CEO, said in a statement following the acknowledgement of the breach that “Banner is committed to maintaining the privacy and security of information of our patients, employees, plan members and beneficiaries, customers at our food and beverage outlets, as well as our providers.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Advocate Aurora Health, Foxconn Plan Employee Wellness, “Smart City,” and Precision Medicine Collaboration

Wisconsin-based Advocate Aurora Health is partnering with Foxconn Health Technology Business Group, a Taiwanese company, to develop new technology-driven healthcare services and tools.

Healthcare Data Breach Costs Remain Highest at $408 Per Record

The cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year, as the healthcare industry also continues to incur the highest cost for data breaches compared to any other industry, according to a new study from IBM Security and the Ponemon Institute.

Morris Leaves ONC to Lead VA Office of Electronic Health Record Modernization

Genevieve Morris, who has been detailed to the U.S. Department of Veterans Affairs (VA) from her position as the principal deputy national coordinator for the Department of Health and Human Services, will move over full time to lead the newly establishment VA Office of Electronic Health Record Modernization.

Cedars-Sinai Accelerator Program Presents Fourth Class of Startups

The Cedars-Sinai Accelerator, a program that helps entrepreneurs bring their innovative technology products to market, has brought in nine more health tech startups as part of its fourth class.

DirectTrust Adds Five Board Members

DirectTrust, a nonprofit organization that support health information exchange, announced the appointment of five new executives to its board of directors.

Analysis: Many States Continue to Have Restrictive Telemedicine Policies

State Medicaid programs are evolving to accelerate the adoption of telemedicine models, this evolution is occurring more quickly in some states than others, according to a recent analysis by Manatt Health.