The hits just keep coming! Arizona-based Banner Health recently announced that it had experienced a cybersecurity attack potentially affecting 3.7 million patients, members and beneficiaries, providers, and food and beverage outlet customers. This particular attack resulted from attackers targeting payment card data at food and beverage facilities. Here is an excerpt from the article at HealthITSecurity:
The food and beverage outlet breach was discovered on July 7, 2016, according to the Banner website. Payment cards used at 27 different Banner Health locations from June 23, 2016 to July 7, 2016 may have been affected. The possibly affected locations on Banner’s list are in Arkansas, Arizona, Colorado, and Wyoming.
“The attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems,” Banner said.
For providers, names, addresses, dates of birth, DEA (Drug Enforcement Agency) numbers, TINs (Tax Identification Number), NPIs (National Provider Identifiers) numbers, or Social Security numbers may have been affected in the health data breach.
What can we learn from this? Attacks can come from anywhere, at any time, and the “bad folks” are looking for ways to attack. PCI compliance is something that most providers don’t think about, except when they get the annoying, obligatory annual PCI scan request from their bank or merchant services provider. But you have to stay aware and keep taking these issues seriously: all angles, all defenses, all reasonable measures.