Phoenix-based Banner Health has paid a $1.25 million settlement to resolve a data breach after a 2016 hacking incident disclosed the protected health information of 2.81 million consumers.
The settlement relates to the HIPAA security rule, which aims to help protect health information and data from cybersecurity attacks.
According to HHS' Office for Civil Rights, Banner's potential violations include: the lack of an analysis to determine risks to electronic protected health information; insufficient monitoring of its information systems' activity; failure to implement an authentication process; and failure to have adequate security measures in place to protect electronic protected health information from unauthorized access when being transmitted electronically.
Banner also agreed to implement a corrective action plan, which identifies steps to resolve the potential HIPAA security rule violations and protect the security of electronic patient health information.
"Hackers continue to threaten the privacy and security of patient information held by healthcare organizations, including our nation’s hospitals," OCR Director Melanie Fontes Rainer said in a Feb. 2 news release. "It is imperative that hospitals and other covered entities and business associates be vigilant in taking robust steps to protect their systems, data, and records, and this begins with understanding their risks, and taking action to prevent, respond to and combat such cyberattacks."