PHOENIX — Banner Health, which has hospitals and clinics in northern Colorado, reported a large cyberattack that compromised the records of up to 3.7 million patients and customers, the health system said Wednesday.
The attack includes patients, health insurance plan members and beneficiaries, food and drink customers, doctors, and health care providers, it said in a letter. The hack happened between June 23 and July 7.
Banner Health said it discovered unusual activity on its servers in late June and found at least two attacks by hackers getting access to patient records and payment card records.
Payment cards used at Banner facilities across the country were affected, including at Colorado locations in Greeley (North Colorado Medical Center), Loveland (McKee Medical Center), Fort Collins (Banner Health Clinic and Banner Fort Collins Medical Center), Brush (East Morgan County Hospital) and Sterling (Sterling Regional MedCenter).
Not all patients were affected, Banner Health said. The attack went after payment card data, including cardholder’s name, card number, expiration date and internal verification code.
Banner Health said the attack did not affect people using credit or debit cards to pay for medical services. It said hackers went after cafes then later protected health information that could include patient names, birth dates, addresses, Social Security numbers, dates of service, doctors’ names and health insurance information.
Banner Health said it will offer a free one-year membership to credit monitoring services to those who were affected. It recommends patients review statements and report any excess charges.
For questions, customers can call 855-223-4412 from 8 a.m. to 8 p.m. MDT or visit BannerSupports.com.