Arizona-based health services operator Banner Health said Wednesday that it was the victim of a cyberattack potentially affecting about 3.7 million patients, physicians, health plan members and others across seven states.
The organization, which operates a community hospital in Fallon and facilities in Fernley, did not confirm whether any Nevada patients’ information was compromised in the attack.
Spokeswoman Jennifer Ruble said she didn’t yet have data on the number of people affected in each of the seven states in which the health system operates.
“We were anxious to report this concern as soon as we were able,” she said in an email.
The nonprofit system is mailing letters to possibly affected individuals, has contacted law enforcement and has taken actions to block cyberattackers, according to a statement.
The organization said it discovered a potential data breach of food and beverage customers’ payment information July 7.
The cyberattack affected payment information from food and beverage sales between June 23 and July 7 but did not affect medical service payments, the release said.
A list of affected locations online for that incident included no Nevada facilities.
Another breach was detected July 13 and an investigation found the attackers “may have gained unauthorized access to patient information, health plan member and beneficiary information, as well as information about physician and health care providers,” the statement said.
The attack began June 17 and may have compromised information including patient social security numbers, birth dates and addresses.
Banner encouraged food and beverage customers to monitor their payment card statements for unusual activity and encouraged patients to go over insurance statements to ensure they’re not being billed for services they did not receive.
Besides Nevada and Arizona, the health system also operates facilities in Alaska, California, Colorado, Nebraska and Wyoming.