Healthcare Information Security


Learning from the Banner Health Cybersecurity Attack

The Banner Health cybersecurity attack should be a lesson for covered entities to review where their data is being stored, how it’s being protected, and where there is access.

By Elizabeth Snell

Last week, Arizona-based Banner Health reported it had been the victim of a cybersecurity attack, potentially compromising 3.7 million records in the process.  The incident was discovered on July 7, but Banner stated that the attack first took place on June 17.

End-point security essential in preventing potential cybersecurity attacks

What makes this particular attack truly ferocious and complex is that the hackers were able to gain unauthorized access to patient information, health plan member and beneficiary information, as well as information about physician and healthcare providers, according to data security expert Bill Kleyman.

This is not the last time that a health cybersecurity attack will likely happen, and the frequency of these attacks may very well increase, he added.

“We're seeing the vast digitization of patient and healthcare records,” Kleyman wrote in an email. “Now, these are being correlated with payment systems and entire healthcare plans. Per Banner, cardholder names, card numbers, expiration dates and internal verification codes were compromised. Banner Health released a list of 27 food and beverage locations that were affected by the cyber attack. Furthermore, those enrolled in a Banner health plan may also be impacted. This includes claims information, insurance information and employee benefit information.”

Data breach notification letters were being sent out via mail to the potentially affected, and should be received by September 9, 2016, Banner Health said on its website.

“We have returned to accepting all forms of payment at food and beverage facilities. You can use your payment card with confidence,” Banner reported. “This incident did not affect payment cards used for payment of medical services.”

While the details are still a bit fuzzy, Kleyman maintained that this is a lesson for other healthcare organizations to ensure that they are constantly reviewing where their valuable data is being stored. Furthermore, they need to ensure they know how that data is being protected and where there is access.

“Too often, we take reactive approaches to security,” Kleyman said. “Of course, there is no silver bullet when it comes to security. However, healthcare organizations must approach security like architects; by seeing the big picture. And, I can't recommend this enough, work with security professionals to do penetration testing against your network, all of your data points, and your most critical systems.

Yes, this is an expense. And yes, this takes time. However, internal pen testing can prevent headlines like this. Or, at the least, reduce the number people being impacted."

End-point security is a critical area for healthcare organizations of all sizes to be aware of and ensure that they have the necessary protections in place.

However, healthcare has room for improvement when it comes to end-point security, according to a Ponemon and CounterTack survey from earlier this year.

The report found that that 80 percent of participants said that their mobile end-points have been the target of malware in the past year while 60 percent said it has become more challenging to manage end-point security in the past 24 months.

Half of the respondents, which included healthcare organizations, also said that their companies were not equipped to manage malware threats, especially with end-point devices.

“Hackers are relentless, they won’t take ‘no’ for an answer and unless you have mechanisms in place to either slow them down or stop attacks against your end-points, your data and IP is at serious risk,” Countertak CTO Michael Davis said. “What is most concerning is that the malware used widely in today’s attacks give a hacker complete access to an organization's data not just the device. Long gone are the days of simple fraud and identity theft as the main attacker goal.”

Dig Deeper:


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks