Earlier this month, Banner Health announced a data breach affecting approximately 3.7 million people. Since then, a series of class action lawsuits have been filed against the healthcare provider.
The breach involved two separate attacks, Banner Health said. The first targeted payment cards used at food and beverage outlets across some Banner Health locations. The second targeted patient, insurance, and provider information.
The sensitive healthcare information that was stolen is what sets this case apart from other recent data breach lawsuits, said Michella Kras, of counsel, Hagens Berman Sobol Shapiro. Kras is one of the attorneys working on the Banner data breach case filed by the firm, which she discussed on this week’s Cyber Chat podcast.
Hagens Berman Sobol Shapiro filed the class action lawsuit on behalf of Howard Chen, an Arizona doctor whose information was stolen in the breach.
“Dr. Chen’s personal information was compromised in three different ways: as an employee, insurance customer, and health provider,” the lawsuit states. “Dr. Chen is concerned that as a result of Banner’s conduct, his personal information, provider information, and health information is vulnerable to use by third parties.”
Banner Health has offered one-year of free credit monitoring to those affected by the breach, but that’s not enough, said Kras, who estimated Banner Health may pay $6 per person for the service.
“That’s not much of an incentive for them to change their practices because that’s such a small amount to a company that big,” Kras said. “It needs to be something greater than that to spur them to make changes.”
Listen to the podcast for more on Banner Health, class action lawsuits in general, and what companies can do to limit their liability.