Phoenix-based Banner Health said Wednesday that cyberattackers “gained unauthorized access” to a “limited number” of Banner Health computer servers, including the servers that process payment card information where food and beverages are sold at the health system.

Banner Health said it launched an investigation, hired a leading forensics firm, took steps to block the cyber attackers, and contacted law enforcement. The investigation revealed that the attack was initiated on June 17, 2016.

In total, 3.7 million patients, Banner health plan members and beneficiaries, food and beverage customers and providers, may be affected, making it the largest healthcare data breach of 2016, so far.

There is no indication at this point that the information is being misused, company officials said.

Banner Health, which operates in Alaska, Arizona, California, Colorado, Nebraska, Nevada and Wyoming, said the attack did not affect all patients, but the scope of the attack could have immense implications. Banner Health, a non-profit, is the state’s largest private employer and operates 29 acute care hospitals in seven states.