Phoenix-based Banner Health has agreed to pay $6 million to victims of its 2016 data breach. Banner Health will pay an additional $2.9 million for legal costs.
Banner Health Agrees to Pay $6 Million for Data Breach
1 min read Premium comments
Secondary#cyberattacks#databreach#bannerhealth#creditmonitoring#settlement
The settlement will allow breach victims to submit reimbursement claims for expenses incurred by the breach. For ordinary expenses, the reimbursement is capped at $500 per victim. For extraordinary expenses, victims can be reimbursed up to $10,000. This includes out-of-pocket costs and time lost due to identity theft or fraud.
In December 2019, the preliminary settlement was approved in the United States District Court for the District of Arizona. The proposed settlement also included an additional two years of credit monitoring services for victims, as well as an agreement by Banner Health to improve its system’s security.
In 2016, cyber attackers gained unauthorized access to Banner Health’s computer servers that process payment card data at certain Banner Health food and beverage outlets. Investigators believe that the original attack occurred on June 17, 2016. The cyber attackers continued to access the systems between June 17, 2016 and July 7, 2016.
The cyberattack exposed the records of an estimated 3.7 million patients, employees and others. The exposed information included names, birthdates, social security numbers, addresses, physician names, dates of service, clinical information, health insurance information, and provider information.
Banner Health owns and operates 29 hospitals in seven states and is one of the largest, nonprofit health care systems in the country. Banner Health has more than 50,000 employees, making it one of the country’s largest employers as well. Banner Health’s University Medicine Orthopedic Institute provides a range of services and support including advanced care for back pain, joint issues and bones that are not healing.
There has been a recent trend of patients suing hospitals for data breaches. For OTW’s coverage of another recent data breach lawsuit, see “Victims Can Sue Ortho Clinics if Data Hacked.”
React:
Discussion
This is a fascinating development. In my practice we've seen similar outcomes with the revised protocol. The key differentiator seems to be patient selection criteria. Has anyone else noticed the correlation with BMI thresholds?
Great point. I'd push back slightly on the conclusion, the sample size in the cited study is too small to draw population-level inferences. That said, the directional signal is compelling and worth a larger RCT.
We implemented a similar approach last year. Early results are promising but we're still gathering 12-month follow-up data. Happy to share our protocol if anyone is interested.
Join the conversation
Orthopedic professionals are discussing this. Sign in and upgrade to read every comment and add your voice.