Phoenix-based Banner Health Suffers Data Breach Affecting 3.7M

Another day, another hack: this time it’s the Phoenix, Arizona-based Banner Health.

Banner Health, a non-profit healthcare organization, suffered a massive data breach on 17th June 2016 in which records of 3.7 million patients and staff were stolen.

The organization noticed suspicious activities on its computers, leading to two cyber attacks (between 7th May and June 23rd) from unknown hackers who stole patient and payment records, including health insurance information, payment card data, doctors’ data and details about customers who used the organization’s cafeteria.

AZ Central reports that the organization plans to send letters to its 3.7 million affected victims to inform them about the large-scale data breach. The targeted customers also include those working for Banner Health, as their insurance is also covered by the organization. However, the Banner Health website states that payment cards used to pay for medical services remained unimpacted.

Peter S. Fine, President & CEO of Banner Health, said in a statement that “the organization is committed to maintaining the privacy and security of information of our patients, employees, plan members and beneficiaries, customers at our food and beverage outlets, as well as our providers.”

There has been a sudden increase in healthcare-related data breaches exposing the vulnerable cyberinfrastructure in the United States.

“Any business, organization or institution that keeps social security numbers, payment data, medical data and other personal information online is a potential goldmine for the cybercriminal because they can get a massive amount of valuable information in a very short period of time. Hospitals, medical practices, schools and even governments are at particular risk due to the high likelihood of handling private data that criminals would find attractive,” said Paul Jespersen, vice president of Enterprise Business Development at Comodo, a global cybersecurity innovator. “In today’s environment, it is imperative for any organization to work with advanced cybersecurity solutions developers who work daily to stay a step ahead of the criminal by researching advanced persistent threat patterns and innovating back-end security technologies that protect endpoints and networks and keep IT environments safe.”

History of Healthcare insurance data breaches in the United States:

The year 2015 was devastating for the healthcare industry, as hospitals and medical insurance firms suffered back-to-back cyber attacks, starting with MIE, the Indiana-based medical software firm, exposing the data of 4 million users; the Excellus BlueCross BlueShield breach exposing 10 million customers; the CareFirst Blue Cross and Blue Shield breach impacting 1.1 million customers; and the hacking of Hollywood healthcare facility computers, where cyber criminals demanded a 9000 BTC ransom.

In 2016 alone, there have been some large-scale medical and healthcare-related data breaches in which cyber criminals have stolen a trove of data from several facilities across the United States and sold it on the Dark Net. It was just a couple of days ago that HackRead exclusively reported on a massive data breach suffered by Central Ohio Urology Group, in which Ukrainian hackers stole and leaked 223GB of highly confidential and personal data of patients, doctors, and employees.

John Christly, CISO at Netsurion, a provider of remotely managed security services for multi-location businesses, criticized the poor security measures implemented by the healthcare industry on its computer networks.

“It’s important for healthcare-related companies of all sizes and types to understand that their computer systems cannot be left unsecured, or these types of attacks will continue to happen.

Hackers desire access to all parts of a healthcare enterprise, including the payment card areas of the food and beverage networks, the electronic medical record systems, and most every other part of the internal network including email and database systems. The more data that can be taken before anyone notices, the better for the hackers, who can then use the data they have taken for profit or for additional attacks on that same customer – or other services where users may be using the same passwords.

These types of cyber attacks are all too common these days, where hackers break into a business network and remain undetected for days, if not weeks, and sometimes months before they are stopped. In that time, they can steal massive amounts of data from various systems they find on the network, as well as use weak user passwords that are found to escalate their permissions and do further damage… or they may even go as far as leaving backdoors in place to allow for continued access, even after the initial hack is stopped.

Once a large enterprise network has been breached in this manner, it is very important to do everything possible to eradicate any last effects of the hack. This includes forcing all users to change their passwords, and may even involve rebuilding servers and databases that were affected to ensure that no lasting effects are left behind that could allow future hacks to occur again.

After the clean-up is completed, I would recommend that this type of company seek out vendors that can help them design a more segregated and secure internal network, protected by enterprise-class firewalls that are managed externally to the organization. It would be ideal to have file integrity monitoring tools, security information event management (SIEM), and integrated threat intelligence data coupled with the advanced firewall and segregated network design to help prevent, detect and respond to any issues that may happen in the future. These advanced toolsets should ideally be outsourced to a managed security firm that specializes in this type of service, which includes having expert threat researchers that are constantly looking for a new activity that could point to a hacker trying to steal data from your systems.”

Banner Health has published a public statement and security notice about the breach.
