Phoenix, Arizona, based Banner Health (Banner), reportedly one of the largest health care organizations in the country, began notifying up to 3.7 million patients this week of a data breach of its computer systems that processes food and beverage purchases at some of its locations. The intrusion was initiated on June 17, and discovered by Banner on July 7.

The intrusion started with the compromise of credit card transactions used to purchase food and beverages, including cardholders’ names, card number, expiration date and internal verification codes between June 23 and July 7. According to Banner, no payment card payments used to pay for medical services were compromised.

But it doesn’t stop there. On July 13, Banner discovered that the attackers may have gained access to patient information, health plan member and beneficiary information, and patient and health information. The patient and health plan member information that may have been compromised includes names, addresses, dates of birth, physicians’ names, dates of service, claims information, health insurance information and Social Security numbers. The physician and provider information that may have been compromised includes names, addresses, dates of birth and Social Security numbers.

Banner operates in seven states: Arizona, Alaska, California, Colorado, Nebraska, Nevada and Wyoming.

[View source.]