Norton Healthcare Ransomware

Norton Healthcare Discloses Ransomware Attack: 2.5 Million Individuals’ Data Compromised

Norton Healthcare, a healthcare organization based in Kentucky, has notified approximately 2.5 million individuals about a security breach that occurred earlier this year, involving a ransomware attack.

Norton Healthcare Ransomware

The incident was detected on May 9, 2023, and unauthorized access to specific network storage systems took place over a two-day period.

The Louisville-based healthcare provider, which operates 140 locations in Greater Louisville and Southern Indiana, disclosed that the attackers successfully accessed and extracted files containing personal information belonging to current and former patients, employees, and their dependents.

By mid-November, Norton Healthcare determined that the compromised data included names, contact details, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers. Additionally, some records may have included driver’s license numbers or other government ID numbers, financial account details, and digital signatures.

Notably, the medical record system and the Norton MyChart application service, enabling patients to access their medical records via mobile devices, remained unaffected.

While the notice did not specify the number of affected individuals, Norton Healthcare reported to the Maine Attorney General’s Office that personal information from 2.5 million individuals was stolen. The BlackCat/Alphv ransomware group claimed responsibility for the attack in May 2023 and threatened to release around 4.7 terabytes of allegedly stolen data from Norton Healthcare.

The Tor-based BlackCat/Alphv leak site became inaccessible on December 7, potentially due to a law enforcement takedown operation. Cisco reported BlackCat as the second most active ransomware group of the year.

Norton Healthcare clarified that they did not comply with the ransom demands.