Marianne Kolbasuk McGee reports:
A federal court recently granted final approval for an $8.9 million settlement of a class action lawsuit against Banner Health stemming from a 2016 data breach. The settlement spells out steps the Phoenix-based organization must take to improve information security.
[…]
The amount that Banner Health has agreed to spend in improving its security practices is redacted in court documents, but the steps the organization has agreed to take, or has already taken, include:
- Hiring a CISO to lead information security programs improvements;
- Adding 58 full-time employees for its information security department, including a 13-person leadership team and three full time employees dedicated to information security audit and assessment support
Read more about some of what they agreed to do on GovInfoSecurity. Apparently not all of the conditions are publicly available to review — there is a sealed document. It may be sealed to prevent potential attackers from finding out their plans.