OCR investigating Banner Health for 2016 breach of 3.7 million patient records

The US Department of Health and Human Services’ Office of Civil Rights is investigating Banner Health over a 2016 breach of data for 3.7 million patients. Hackers accessed the company’s payment processing system at its food and beverage outlets and eventually gained access to servers containing patient data. Banner Health is cooperating with the investigation, but expects to face fines and negative findings regarding its security program. The extent of the penalties is unknown, as it will be determined based on factors such as history of non-compliance and the organization’s ability to pay.