Banner Health said payment card, patient information and other data could have been pilfered Credit: Thinkstock Banner Health, a provider of hospital services, has notified by mail 3.7 million people — including patients, health plan members, healthcare providers and customers at its food and beverage outlets — that their payment card and health plan data, among other information, may have been compromised.The provider said Wednesday that it discovered on July 7 that cyberattackers may have gained access to computers that process payment card data at the food and beverage outlets at some of its locations. Payment cards that were used at these outlets at certain Banner Health locations from June 23 to July 7 this year may have been affected, the provider said. Card payments for medical services were not affected, according to the investigation.By July 13, Banner Health figured out that the attackers may have also got access to patient information, health plan member and beneficiary information, and information about physicians and healthcare providers.“The patient and health plan information may have included names, birthdates, addresses, physicians’ names, dates of service, claims information, and possibly health insurance information and social security numbers, if provided to Banner Health,” the nonprofit healthcare system, with headquarters in Phoenix, Arizona, said in a statement. The organization also learned that the attack started on June 17 and could have compromised more information. The physician and provider information may have included, for example, names, addresses, dates of birth, social security numbers and other identifiers used. Banner Health said it had immediately launched an investigation and taken measures such as hiring a forensics firm, taking steps to block the cyberattackers, besides contacting law enforcement. The incident did not affect all Banner Health patients, it said. The provider said it is offering a free one-year membership in monitoring services to patients and other categories of people affected by the incident.It warned customers of its food and beverage locations to review their payment card statements for any unauthorized activity, stating that payment card rules generally provide that cardholders are not responsible for timely-reported unauthorized charges. Related content news Multibillion-dollar cybersecurity training market fails to fix the supply-demand imbalance Despite money pouring into programs around the world, training organizations have not managed to ensure employment for professionals, while entry-level professionals are finding it hard to land a job By Samira Sarraf Oct 02, 2023 6 mins CSO and CISO CSO and CISO CSO and CISO news Royal family’s website suffers Russia-linked cyberattack Pro-Russian hacker group KillNet took responsibility for the attack days after King Charles condemned the invasion of Ukraine. By Michael Hill Oct 02, 2023 2 mins DDoS Cyberattacks feature 10 things you should know about navigating the dark web A lot can be found in the shadows of the internet from sensitive stolen data to attack tools for sale, the dark web is a trove of risks for enterprises. Here are a few things to know and navigate safely. By Rosalyn Page Oct 02, 2023 13 mins Cybercrime Security news ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year Researchers from Group-IB believe it's likely the group is an independent affiliate working for multiple ransomware-as-a-service operations By Lucian Constantin Oct 02, 2023 4 mins Hacker Groups Ransomware Cybercrime Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe