Banner Health Data Breach Litigation
In re Banner Health Data Breach Litigation,
United States District Court, District of Arizona,
Case No. 16-cv-02696
In September 2016, Keller Rohrback L.L.P. filed two class action complaints in the federal court in Arizona against Banner Health, the largest healthcare provider in Arizona, on behalf of 3.7 million patients, health plan members, beneficiaries, food and beverage customers, physicians and other health care providers related to the cyber-attack (data breach) that occurred in July 2016. Those cases and many others have been consolidated for pretrial purposes and are proceeding before Judge Susan R. Bolton of the United States District Court, District of Arizona.
In the data breach, the attackers gained access to computer systems that process payment card data at food and beverage outlets in certain Banner Health locations and may have also gained access to patient information, health plan members along with their beneficiaries’ personal identifying information (“PPI”). This could include names, addresses, Social Security numbers, treating physician information and payment data such as cardholder names, numbers, expiration dates and verification codes.
Plaintiffs allege Banner Health failed to maintain reasonable and adequate security measures to protect the data in their possession. In addition, Banner Health’s delay in detecting the data breach and notifying those potentially impacted has given the hackers months to mine and fraudulently use and or sell this valuable information without detection.
On January 16, 2018, the Plaintiffs Second Consolidated Amended Class Action Complaint was filed with the Court, under seal. The Defendant responded with a Motion to Dismiss. The briefing on the dismissal motion was completed in April 2018. The Defendant has also requested a hearing on their motion. If the Court grants that request and sets a date, we will include that information here.
Background on the Breach
On July 7, 2016, Banner Health discovered cyber-attackers may have gained unauthorized access to computer systems that held payment card data, including cardholder names, card numbers, expiration dates and internal verification codes. A week later, on July 13, 2016, Banner Health also learned that the cyber-attackers also could have gained access to patient information, health plan members and their beneficiaries’ information as well as data about their physicians and other health care providers. As many as 3.7 million patients, health care providers and customers of food and beverage outlets at Banner Health facilities could be at risk.