[BreachExchange] Judge approves $8.9M settlement for Banner Health data breach

Destry Winant destry at riskbasedsecurity.com
Tue Apr 28 10:16:16 EDT 2020


Phoenix-based Banner Health will pay $8.9 million to end claims from a
2016 data breach that exposed personal information of 2.9 million
patients, according to Bloomberg Law.

A  federal judge in Arizona on April 21 approved the settlement, which
was reached in December. The settlement will pay each patient that is
covered by the class action $500 and up to $2.9 million to the
plaintiffs' attorneys.

"We are pleased to resolve this matter and will continue to work
diligently in the best interests of our patients, employees and
physicians," Becky Armendariz, senior director of marketing and public
relations at Banner Health, said in an emailed statement to Becker's
Hospital Review.

Banner Health on Feb. 10 began notifying people who were impacted by
the cyberattack of a proposed class action settlement, Ms. Armendariz
said. Banner Health's computer systems were compromised by a
cyberattack in June and July of 2016. The unauthorized third party was
able to view patient information including Social Security numbers,
patient data and payment data.

Since the cyberattack, Banner Health notified impacted individuals,
conducted an investigation and implemented safeguards to help prevent
a similar incident from occurring again, according to Ms. Armendariz.

The health system created a website for anyone who was previously sent
a notification that their personal information may have been
compromised to learn more about the settlement and make a claim.

More information about the BreachExchange mailing list