Banner Health Data Breach Lawsuit

3.7 million people affected by massive security breach

Girard Gibbs’ data breach attorneys are among those representing the patients, health care providers, and consumers affected by a massive data breach at Banner Health in the summer of 2016.  Bann Health announced the breach on August 2, 2016, saying that the breach may have exposed the personal health and other sensitive information of up to 3.7 million individuals.  Banner stated that the hackers gained access to its medical records network through certain computer servers, including the servers that process payment card information where food and beverages were sold.

Girard Gibbs initially filed a federal class action lawsuit in Arizona in September 2016, on behalf of individuals whose personal information was compromised in the breach.  On November 23, 2016, Girard Gibbs partner Eric Gibbs was appointed by United State District Judge Holden of the District of Arizona to serve on the Plaintiffs’ Executive Committee. The Court considered competing applications from a number of law firms and ultimately selected Eric as part of the four-person leadership structure, which includes two co-lead counsel and two executive committee members.

Were you exposed in the Banner Health Data Breach?

If you are a Banner Health patient, provider or health plan member, or if you paid with a debit or credit card at one of its food and beverage locations, your personal information may have been stolen. Know your rights. For a free consultation about your potential privacy case, contact a data breach attorney toll-free at (800) 254-9493.

Banner Health Data Breach Leaves Millions of People Vulnerable

According to Banner, its network was compromised on June 17, 2016, and the breach was discovered by the company on July 13, 2016. The potentially compromised information varies based on individuals’ relationships to Banner Health, and is detailed below:

Banner Health Patients

Potentially compromised information for patients of Banner Health’s 23 hospitals and other specialized facilities includes:

  • patient names
  • addresses
  • birthdates
  • physician names
  • dates of service
  • clinical information
  • health insurance information
  • Social Security numbers (if they were provided to the system)

Banner Health Plan Members and Beneficiaries

In addition to the personal information listed above, additional information that may have been breached for those enrolled in a Banner health plan includes:

  • claims information
  • insurance information
  • employee benefit information

Banner Health Providers and Physicians

According to Banner, the types of information impacting providers potentially breached in the cyber-attack may include:

  • provider names
  • addresses
  • Drug Enforcement Agency numbers
  • tax identification numbers
  • national provider identifier numbers

Banner Health Food and Beverage Customers

For those individuals who used payment cards at the affected Banner Health Food and Beverage outlets listed at the bottom of this page, breached information may include:

  • Cardholder names
  • Card numbers
  • Expiration dates
  • Internal verification codes

Questions Emerge About Banner Health Data Security

Several media outlets and IT publications reporting on the breach have questioned the security system in place that would allow hackers to access medical data through a payment processing system. According to a senior information security analyst commenting on the Banner Health data breach in Healthcare IT News, “These should have been entirely segregated from one another – I can’t imagine any reason why a cafeteria point-of-sale system would need access to systems storing medical records.”

Dangers to Consumers in the Exposure of Personal Health Information

For several years, the FBI and security experts have warned that cyber criminals are increasingly targeting the $3 trillion U.S. healthcare industry. That is because Personal Health Information (or “PHI”) is a rich source of personal data that can be used in identity theft. The black market resale value of PHI is estimated to be ten times higher than credit card data. While credit cards can be cancelled or replaced, PHI – including name, age, gender, address, Social Security numbers, diagnosis codes, insurance information and personal medical history – can’t be changed.

Criminals may use this stolen medical information to create fake IDs to buy medical equipment or drugs that can be resold, or combine a patient number with a provider number and file false claims with insurers. Having access to detailed personal data can also make targeted email or spear phishing attacks easier and more effective, and threats to disclose private and potentially embarrassing medical information could be used for potentially lucrative blackmail schemes.

Talk to a Privacy and Data Breach Lawyer

If you believe your personal information may be at risk from the Banner Health Data Breach, contact our data breach lawyers for a free, confidential consultation about your privacy rights by calling toll-free (800) 254-9493 or filling out the form.

Our Extensive Data Breach Class Action Experience

We are representing health-plan subscribers whose information was compromised when hackers infiltrated Anthem Blue Cross, and Excellus Blue Cross and Blue Shield. In the past, we have successfully represented consumers with data breach and privacy claims involving HealthNet and Certegy Check Services.

Partner Eric Gibbs has established himself as a leader in emerging litigation involving data breach and privacy. Eric secured a landmark ruling in the Adobe Systems, Inc. Privacy Litigation, which makes it easier for plaintiffs to seek relief following a breach. He was recently selected from among a pool of attorneys from across the country to serve as co-lead counsel in the Vizio, Inc., Consumer Privacy Litigation.

Eric co-founded the American Association for Justice’s Data Breach and Privacy Litigation Group, and has served as chair and organizer of several consumer privacy conferences on best practices and developments in consumer privacy litigation.

Reputation for Excellence in Consumer Protection and Class Actions

Eric Gibbs was recently recognized by the Daily Journal as a “Top Plaintiff Lawyer in California for 2016.”

The firm was also distinguished as a Tier 1 law firm for plaintiffs’ mass tort and class-action litigation in the 2013-2016 “Best Law Firms” list, an annual survey published in the U.S. News & World Report’s Money Issue. The National Law Journal (NLJ) named Girard Gibbs to its elite “Plaintiffs’ Hot List” for 2012, a selection of top U.S. plaintiffs’ firms recognized for wins in high-profile cases. Several of the firm’s attorneys have earned AV-Preeminent ratings from Martindale-Hubbell, recognizing them in the highest class of attorneys for professional ethics and legal skills.

Affected Banner Health Restaurants and Locations

According to Banner Health, the food and beverage locations that were affected include:

Banner – University Medical Center Tucson Main CampusEast Morgan County Hospital Bistro (CO)Banner – University Medical Center Tucson South CampusMcKee Medical Center Cafeteria (CO)Banner Baywood Medical Center Cafeteria (Mesa)North Colorado Medical Center Bistro 1Banner Behavioral Health Hospital – Camelback Café (Scottsdale)North Colorado Medical Center Bistro 2Banner Boswell Medical Center – Lobby Latte (Sun City)Community Hospital – Torrington Bistro (WY)Banner Boswell Medical Center Culinary Svcs (Sun City) Banner Casa Grande Medical Center Café Banner Corporate Center-Mesa Bistro Banner Corporate Center-Mesa Espresso Banner Del E. Webb Medical Center – Daily Grind (Sun City West) Banner Del E. Webb Medical Center Culinary Svcs (Sun City West) Banner Desert Medical Center Bistro (Mesa) Banner Estrella Medical Center Café (Phoenix) Banner Gateway Medical Center – Canyon Café (Gilbert) Banner Heart Hospital Deli (Mesa) Banner Ironwood Medical Center Café (Queen Creek) Banner MD Anderson Cancer Center – Salt River Bistro (Gilbert) Banner Thunderbird Medical Center – Tbird Café (Glendale)

Arizona Locations Other States
Banner – University Medical Center Phoenix Bistro Fairbanks Memorial Hospital Café (AK)
Banner – University Medical Center Tucson Healing Gardens Banner Fort Collins Medical Center Café (CO)
Slice 1 BLF 2017