A settlement of $6 million was reached in a lawsuit involving 3.7 million patients of a hospital system impacted by a 2016 data breach. If approved by the courts, those affected will be entitled to $500 or $10,000 depending on the degree of damaged caused to them. Patients affected should take immediate action.
Banner Health Data Breach affects Millions so Act Fast to Get Paid
Arizona’s Banner Health reached the proposed settlement of $3.7 million. In what is becoming increasingly common, the plaintiffs in the case filed for damage with the federal court in Arizona. The motion was for the preliminary approval of a settlement to end a proposed class action over the cyberattack that took place in June 2016. The settlement would provide expose reimbursement of up to $500 for ordinary expenses and $10,000 for extraordinary expenses with an overall cap of $6 million.
Extraordinary expenses include covering time lost from work in dealing with identity theft. While it is often difficult to know when the damage is complete in a data breach case because your personal information has been exposed forever, those affected should act fast. A $6 million overall cap and more than 3 million potential filers for damage means those seeking maximum payouts will likely need to be among the first to file.
In this brazen hack, the criminals gained access to Banner’s computer servers and accessed records including credit card information for those who purchased food and beverage at the health system. This could include not just patients but those who made purchases at Banner. Patients were initially offered one year of credit monitoring services and patient advocates responded that this was inadequate. MyProfyle agrees with them given the fact that the average time to discover identity theft is 13 months and these records were exposed forever. The damage should arguably cover these individuals for as long as their credit cards are valid.
29 Data Breaches in November affecting 570,565 Patients
But the damage doesn’t stop with Banner. According to records provided by the HHS’s Office for Civil Rights, there were 29 reported data breaches in November alone affecting over half a million patients. In October there were 47 data breaches victimizing over three hundred thousand people. The number of data breaches per month has been rising slowly over the last decade but has risen sharply in 2019. There have been over 400 data breaches this year that affected at least five hundred individuals. More than 4 million individuals have been exposed in total.
Moreover the size of some of these breaches can be tremendous and a quick review of these incidents appears to reveal that fewer breaches are accidental exposures like lost laptops or improperly disposed-of records and more are deliberate hacks of cloud databases, networked servers, email servers and computers within the organizations. In years past many of these data breaches were accidental and it was arguable that few people were put at risk but with these deliberate hacks, the patient records are being targeted deliberately and can be expected to be exploited.
$100 for each Medical Records
When hackers target medical records, they do it for profit. On the dark web where consumer records are bought and sold like baseball cards, medical records fetch far higher prices than any other type of record. The reason is because of the extraordinary detail contained in medical records. In additional to a comprehensive list of personal information (name, address, birthdate, SSN etc.) there is often hospital login credentials, payment card information, insurance information, medical history and more.
While a record for a typical consumer website – say a shopping site, might contain your username, password, address and purchase history, the information usable by a criminal can be quite narrow. If you share your password across many websites, that information is often the only thing of value. In effect, the breach of the shopping site may give the criminal access to your banking website if they can guess where you bank. Credit card information is usually not stored on these websites. But medical records contain information that is immediately usable for purchases, insurance fraud and more.
One recommendation is to check the official HHS Office for Civil Rights data breach portal to see any medical organization you deal with has been breached. Of course, with off-site labs and medical records handling, it is possible that your information has been exposed by an organization that contracts with your clinic or hospital that you don’t even know of. Check that website and pay special attention to breaches described as Hacking/IT Incident or Theft. Those identified as Improper Disposal or Loss may present a far lower risk since criminals may not be involved.
Of course any data breach can expose your credentials which is another reminder to practice good password safety including strong passwords and different passwords for (at a minimum) sensitive website such as financial and medical organizations. Finally, if you haven’t done so already, register for MyProfyle’s Free for Life Identity Protection™, the only free identity monitoring service. Or consider trying our upgraded services that include identity restoration and other benefits.