Slashdot Mirror

← Back to Stories (view on slashdot.org)

Banner Health Alerts 3.7 Million Potential Victims of Hack (bannerhealth.com)

Posted by BeauHD on from the victims-of-cyber-attacks dept.

New submitter Netdoctor writes: Apparently Banner Health is the latest victim of a cyber attack, with the Health conglomerate reporting on two incidents in July. While not all Banner customers were affected, payment details as well as customer information were leaked, according to their news brief. Some 3.7 million people are potentially affected by the attack, including patients, health plan members, healthcare providers and customers at its food and beverage outlets. Card payments for medical services appear to be safe. The company is offering a free one-year membership in monitoring services to those who are affected by the breach. Banner Health said in a statement: âoeThe patient and health plan information may have included names, birthdates, addresses, physiciansâ(TM) names, dates of service, claims information, and possibly health insurance information and social security numbers, if provided to Banner Health."

2 of 30 comments (clear)

  1. Why Try by psyclone · · Score: 3, Insightful

    Why even try to secure information anymore - just make it all public.

    Only need a way to not use all this info to spoof an identity for financial gain. If the Social Security Admin listed all the names & birthdays & numbers online, I'm sure industry would figure it out. Right?

    1. Re:Why Try by ShanghaiBill · · Score: 3, Insightful

      Why even try to secure information anymore - just make it all public.

      Bingo. This is the solution. It is idiotic to have numbers, including SSNs and CC numbers, that need to be both secret and widely known. Everyone I have ever done business with (as an employee, contractor, contractee, patient, client, etc.) knows my SSN. Every waiter in most local restaurants has had access to my CC numbers along with the super secret 3-digit code that is printed directly on the card in plain view. It is absurd that someone can establish and use credit in my name with mere knowledge of these numbers. These numbers should be public so there can be no presumption that they are secret, and there should be a separate system of authentication that is not based on knowing semi-public information.