The personal details of around 2.7 million UK customers were accessed and downloaded by attackers.
BA is contacting two groups of customers not previously notified.
The deal is the latest in a series of measures to strengthen cyber security in the NHS since the WannaCry attack last May.
Tom Bossert said the regime was "directly responsible" for the ransomware that was "widespread and cost billions."
The full scale of the global cyber attack that caused mass NHS disruption may only become apparent when people return to work on Monday.