Editor’s Note: 2017 was a significant year for ransomware attacks. In the coming year, cyberattacker activity will branch out into new territories. Payers and Healthcare networks must stay ahead of trends to protect against cyberattack threats. Click HERE for how BHM develops high level protection for your data, addresses the c-suite cyberattack concerns, and proves it with HITRUST CSF. 

cybersecurityThe HHS Office for Civil Rights is investigating Phoenix-based Banner Health for its responses to past security assessment activities stemming from a 2016 cyberattack, according to a statement contained in its fiscal year 2017 financial statement.

Banner said it is cooperating with the investigation and expects it could result in negative findings against its information technology security program as well as a fine. However, the health system added it is not possible to estimate how much that fine may be.

In late June 2016, Banner learned an attacker infected its computer network with malware, and the authorized user copied nearly 21,000 credit card numbers stored on its food and beverage outlets at some of its locations. Additionally, attackers potentially accessed Banner servers that stored 3.7 million patients’ and providers’ personal information.

In response to the cyberattack, Banner said it removed the malware, addressed the issues in its network and enhanced its network security. It also notified affected individuals and offered ongoing monitoring to help protect their identities. However, in its financial statement, Banner wrote the OCR determined its initial response to its security assessment was “inadequate.”

“Although Banner has supplemented its initial responses, Banner anticipates that it may receive negative findings with respect to its information technology security program, and that a fine may be assessed against Banner,” the health system wrote.

Nine putative class action lawsuits seeking damages and other remedies for the affected individuals have been filed again Banner and consolidated into one suit that Banner plans to defend “vigorously,” according to its financial statement.

2017 was a significant year for ransomware attacks. In the coming year, cyberattacker activity will branch out into new territories. Payers and Healthcare networks must stay ahead of trends to protect against cybersecurity threats. Click HERE for how BHM develops high level protection for your data, addresses the c-suite cyber-security concerns, and proves it with HITRUST CSF.