Data leak
Banner Health Data Breach - 3.7 Million Patients and Health Plan Members
Incident Details
Between 23 June and 7 July 2016, attackers first compromised Banner Health’s point-of-sale (POS) systems at food and beverage outlets within Banner Health facilities, using RAM-scraping malware to steal payment card data. The attackers then pivoted from the POS network into Banner’s broader healthcare IT infrastructure and accessed patient, health plan member, and provider data. Banner Health operates 29 hospitals and numerous clinics across multiple US states.

The total breach affected approximately 3.7 million individuals: approximately 2.9 million patients and health plan members whose personal and health information was exposed (names, dates of birth, Social Security numbers, addresses, clinical and claims data), plus payment card data for individuals who used food and beverage outlets at Banner facilities between 23 June and 7 July 2016, and provider data for physicians credentialed with Banner.

Banner disclosed the breach on 3 August 2016. HHS OCR investigated and reached a $1.25 million settlement with Banner Health in 2023 for multiple HIPAA violations related to the breach, including insufficient risk analysis, inadequate access controls, and failure to implement hardware and software controls. The breach demonstrated a novel attack vector: using lightly secured ancillary payment systems as a pivot point into the main healthcare network.
Technical Details
- Initial Attack Vector: Attackers first compromised Banner Health's food and beverage payment card systems (targeting point-of-sale systems at Banner's healthcare facility cafeterias and restaurants) and used that initial foothold to pivot into Banner's main healthcare network, accessing patient data systems
- Vendor / Product: Banner Health patient records / payment card systems
- Malware Family: POS RAM-scraping malware
Timeline
- 2016-06-17 Breach occurred
- 2016-08-03 Publicly disclosed
- 2016-08-03 Customers notified