Banner Health under investigation for 2016 cyberattack

The HHS Office for Civil Rights is investigating Phoenix-based Banner Health for its responses to past security assessment activities stemming from a 2016 cyberattack, according to a statement contained in its fiscal year 2017 financial statement.

Banner said it is cooperating with the investigation and expects it could result in negative findings against its information technology security program as well as a fine. However, the health system added it is not possible to estimate how much that fine may be.

In late June 2016, Banner learned an attacker infected its computer network with malware, and the authorized user copied nearly 21,000 credit card numbers stored on its food and beverage outlets at some of its locations. Additionally, attackers potentially accessed Banner servers that stored 3.7 million patients' and providers' personal information.

In response to the attack, Banner said it removed the malware, addressed the issues in its network and enhanced its network security. It also notified affected individuals and offered ongoing monitoring to help protect their identities. However, in its financial statement, Banner wrote the OCR determined its initial response to its security assessment was "inadequate."

"Although Banner has supplemented its initial responses, Banner anticipates that it may receive negative findings with respect to its information technology security program, and that a fine may be assessed against Banner," the health system wrote.

Nine putative class action lawsuits seeking damages and other remedies for the affected individuals have been filed again Banner and consolidated into one suit that Banner plans to defend "vigorously," according to its financial statement.

More articles on cybersecurity:
Top 5 items threat actors seek in healthcare breaches
5 things to know about HHS' stalled cybersecurity center
Survey: Scam artists, negligent insiders credited with most recent security incidents in hospitals

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars