Health Clinic Sued Three Days After Announcing Massive Security Breach

Some people don’t like to wait when filing lawsuits
Three days after announcing a data breach that might have potentially affected a whopping 3.7 million patients, a US-based healthcare provider was sued for negligence by one of its employees in a class-action lawsuit.

On August 3, 2016, Banner Health, an Arizona-based healthcare provider, announced that it detected a security breach on its network and that it would be notifying patients, doctors, and staff of a data breach that exposed personal and/or financial details.
“Hackers compromised payment processing system”

Banner Health nailed by huge cyberattack that compromised personal data of 3.7 million people

The healthcare provider said that its IT department detected on July 7 that a third-party had compromised the payment processing systems used by food and beverage outlets at Banner Health locations in Alaska, Arizona, Colorado, and Wyoming.

The company claimed the hackers managed to steal cardholder name, card number, expiration date, and internal verification codes, but patients who paid for medical services were not affected.

Six days later, on July 13, the company also announced it detected a breach of its servers that exposed the personal details of patients.
“Hackers also stole patient records”

Banner Health explained the exposed data might have included names, dates of birth, addresses, physicians’ names, dates of service, claims information, health insurance information, social security numbers, and other identifiers.

The company said its servers were compromised on June 17 while the crooks penetrated the payment systems on June 23.

Three days after the announcement, on August 6, Dr. Howard Chen, an employee of the Banner Thunderbird Hospital in Glendale, filed a class-action lawsuit against Banner Health, accusing the company of negligence and asking for better compensation, AZCentral reports.

Banner Health offered one year of free credit card monitoring. Dr. Chen considers that this was inadequate and is asking for identity protection services as well.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.