Pat Ferrier

patferrier@coloradoan.com

Banner Health — a nationwide health system with hospitals and clinics in Fort Collins, Loveland and Greeley — suffered a cyberattack affecting nearly 4 million patients and customers.

The Arizona-based health system announced Wednesday it was mailing letters to about 3.7 million patients; health plan members and beneficiaries; food and beverage customers and doctors and healthcare providers about a hack that occurred between June 23 and July 7.

Payment cards used at Banner facilities nationwide were affected, including Fort Collins Medical Center Cafe, McKee Medical Center Cafeteria in Loveland and North Colorado Medical Center Bistro 1 and 2 in Greeley.

NEWS: Larimer County behavioral health tax officially on ballot

The attack did not affect all Banner Health patients, but the health system is still investigating the exact areas of attack, spokesman Bill Byron said.

"Suffice it to say, we know it is extensive throughout the network," he said.

The attack targeted payment card data, including cardholder's name, card number, expiration date and internal verification code.

The hack does not extend to people using credit or debit cards to pay for medical services.

BANNER: Hospital chain names new chief for Northern Colorado

Banner learned July 13 hackers attacked the cafes and later learned the attack included protected health information, Byron said.

The information may have included patient names, birth dates, addresses, doctors' names, dates of service, claims information and possibly health insurance information and Social Security numbers as well as information about doctors and health care providers, Banner officials said.

Banner has worked to block the attack and is bolstering ts security systems to prevent future incidents, Byron said.

"We feel people can use their payment cards with confidence," he said.

HEALTH CARE: UCHealth plans $135M Greeley hospital

Banner isn't the first large health care company to fall victim to a cyberattack. UCLA Health and Anthem suffered attacks last year affecting more than 84 million people combined. Sony, Home Depot, JP Morgan, Target and the federal government have all been victims of cyber attacks.

Banner is offering a free one-year membership to credit monitoring services for patients, health plan members, health plan beneficiaries, doctors and health-care providers and food and beverage customers affected by the incident.

The company is encouraging food and beverage customers to remain vigilant about the possibility of fraud by monitoring bank and credit card statements for unauthorized charges.

Banner also recommends patients review statements from their health insurer and report any charges for services they did not receive.

Customers with questions can call 855-223-4412, from 8 a.m. to 8 p.m. Mountain Time, seven days a week or visit bannersupports.com.