Norton Healthcare disclosed a data breach after a ransomware attack

Pierluigi Paganini December 09, 2023

Kentucky health system Norton Healthcare disclosed a data breach after falling victim to a ransomware attack in May.

Norton Healthcare disclosed a data breach after a ransomware attack that hit the organization on May 9, 2023. The security breach exposed personal information belonging to patients, employees, and dependents. The health system notified federal law enforcement and launched an investigation into the incident with the help of a leading forensic security provider.

Norton Healthcare is a healthcare system based in Louisville, Kentucky (US). It is a leading provider of health services and medical care in the region. Norton Healthcare operates a network of hospitals, medical centers, physician practices, and other healthcare facilities.

Norton Healthcare operates more than 40 clinics and hospitals in and around Louisville, Kentucky.

“On May 9, 2023, Norton Healthcare discovered that it was experiencing a cybersecurity incident, later determined to be a ransomware attack,” reads the notice of security incident. “Our investigation determined that an unauthorized individual(s) gained access to certain network storage devices between May 7, 2023, and May 9, 2023, but did not access Norton Healthcare’s medical record system or Norton MyChart.”

Threat actors gained access to files containing personal information of patients, employees, and dependents. The compromised information varied for each person and could have included: name, contact information, Social Security Number, date of birth, health information, insurance information, and medical identification numbers. In some instances, the exposed data may have included driver’s license numbers or other government ID numbers, financial account numbers, and digital signatures.

Norton Healthcare is offering impacted individuals two years of credit monitoring.

On May 25, 2023, the AlphV/BlackCat group claimed responsibility for the attack. BlackCat claimed to have exfiltrated 4.7 TB of data and leaked dozens of files as proof of the hack.

At the time of this writing, the dark web leak site of the AlphV group is unavailable. BleepingComputer reported that the outage could be the result of a law enforcement operation.
