Cyber Incident Victim: Banner Health
Date:
Jun 2016
Location:
United States of America
Summary
Banner Health experienced a cyberattack potentially compromising personal information, including names, Social Security numbers, and birth dates, of approximately 3.7 million individuals. The breach also involved unauthorized access to payment card data from customers who made purchases at specific food and beverage outlets within the organization's Tucson locations. The healthcare provider engaged law enforcement and a forensics firm to investigate the incident while cautioning affected parties about fraudulent websites mimicking its domain. This incident occurred amid a broader trend of increasing cyberattacks targeting healthcare entities in the United States.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Banner Health, a Phoenix-based nonprofit healthcare organization operating hospitals and facilities across Arizona, publicly disclosed a significant cybersecurity incident on June 17, 2016. Attackers gained unauthorized access to a limited number of the organization's computer servers, potentially compromising sensitive records of approximately 3.7 million customers. The breach exposed personally identifiable information including patient names, dates of birth, and Social Security numbers. Additionally, payment card systems at specific Banner Health food and beverage outlets were compromised, particularly affecting customers who made purchases at three locations in Tucson. The organization confirmed the attack began on June 17 but did not specify when the intrusion was initially detected or the duration of unauthorized access prior to discovery. Banner Health initiated customer notifications following internal verification of the breach but refrained from confirming the exact number of affected individuals beyond the 3.7 million estimate.
In response to the incident, Banner Health engaged law enforcement agencies and contracted a digital forensics firm to investigate the attack's origin and scope. The organization issued public warnings about fraudulent websites impersonating its legitimate web presence, cautioning that these malicious sites could distribute malware to unsuspecting visitors. While emphasizing that not all patient records were compromised, Banner Health did not provide technical details regarding the attack methodology or specific server vulnerabilities exploited. The breach occurred amid a broader trend of healthcare sector targeting, as evidenced by a contemporaneous attack on an Ohio-based urology practice where hackers leaked stolen patient data via social media platforms. Banner Health's disclosure highlighted systemic cybersecurity challenges within the healthcare industry without specifying remediation measures implemented beyond the forensic investigation and regulatory notifications.