A Glendale, Az.-based doctor is suing Banner Health after the health system last week acknowledged a cyberattack that compromised the personal information of about 3.7 million individuals.
According to a report in The Arizona Republic, Phoenix-based law firm Hagens Berman Sobol Shapiro filed a class-action lawsuit in Maricopa County Superior Court on behalf of Dr. Howard Chen, M.D., who works at Banner Thunderbird Hospital in Glendale, according to a statement from the firm.
Last week, Banner Health sent out letters to some 3.7 million people about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations. The attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems. Payment cards used at food and beverage outlets at certain Banner Health locations during the two-week period between June 23 and July 7 may have been affected, according to Banner officials.
Then, in July, Banner Health learned that the cyber attackers may have indeed gained unauthorized access to patient information, health plan member and beneficiary information, as well as information about physician and healthcare providers. The patient and health plan information may have included names, birthdates, addresses, physicians. How the hack expanded from certain food and beverage outlets to patient information systems is currently unclear. Nonetheless, Banner offered a free one-year membership in monitoring services to patients, health plan members, health plan beneficiaries, physicians and healthcare providers, and food and beverage customers who were affected by this incident.
But, according to The Arizona Republic story, Chen’s lawyers accused Banner of negligence in allowing the breach to occur and argued the one year of credit monitoring already offered by one of the largest healthcare systems in the U.S was inadequate. “He'll be asking for a more robust package," Carey said. He added in a statement, “Banner’s negligence affected millions of people,” per the report. “It’s not enough to offer a skimpy 'fix' — the law requires Banner remedy the serious risks it created for its stakeholders.”
Currently on staff at Banner Thunderbird Hospital, Chen also worked at the Banner Arizona Medical Center from 2010 to 2013. He utilized the insurance Banner provided during his employment and worries his data is at risk, according to the lawsuit.
The health system said that it “worked quickly to block the attackers and is working to enhance the security of its systems in order to help prevent this from happening in the future.” Still, the lawsuit alleges negligence on Banner's part due to “insufficient” data security policies and failing to prevent the hack. “Personal and financial information is a valuable commodity,” states the lawsuit. “A ‘cyber black-market’ exists in which criminals openly post stolen credit card numbers, Social Security numbers and other personal information on a number of Internet websites.”
Peter S. Fine, Banner Health president and CEO, said in a statement following the acknowledgement of the breach that “Banner is committed to maintaining the privacy and security of information of our patients, employees, plan members and beneficiaries, customers at our food and beverage outlets, as well as our providers.”
Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.