Why one security expert gives Banner Health's handling of its breach a 'C-minus'

Earlier this month, Phoenix-based Banner Health announced the largest data breach of any hospital so far this year. Cyberattackers gained access to the system's servers, including those processing credit card information for cafeteria sales, and others containing data from health plan members and beneficiaries — more than 3.7 million patients were affected overall.

In a recent interview with Forbes, Jeff Williams, chief technology officer and cofounder of Contrast Security, shared what rating he would give Banner if the healthcare industry evaluated organizations on how they handled themselves during and after a data breach.

Taking into consideration factors like the timeline of the breach, tone of the disclosure, scope of information stolen, number of individuals affected, cause, efforts to pick up the pieces and where the blame was placed, Mr. Williams graded Banner's performance during the course of the breach and gave the system a barely passing grade.

"Overall I give them a C-/D+," Mr. Williams told Forbes in an emailed statement. "There is still an awful lot of missing information. What is there isn't bad, but we only have a tiny piece of the story of this breach. And they don't seem too sorry."

Banner is in the process of notifying anyone who could potentially be impacted by the breach, and is offering free identity theft and credit monitoring services. 

More articles on health IT:

Banner Health cyberattack brings layered security strategy into focus 
Company issuing health plan ID cards hit with data breach affecting 3.3M 
Physician files class-action lawsuit against Banner over data breach 

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Webinars

Featured Whitepapers