Norton Ransomware Attack Exposes 2.5 Million Healthcare Patients

U.S. Healthcare Giant Norton Suffers Ransomware Attack That Leaves 2.5 Million Patients Exposed - healthcare data breach

Earlier this month, Norton Healthcare, Inc. (Norton Healthcare), the Kentucky-based nonprofit healthcare system, confirmed that hackers accessed the personal data of millions of patients and employees during a ransomware attack earlier this year. In a filing with Maine's attorney general, the medical company explained that the sensitive data of approximately 2.5 million patients, as well as employees and their dependents, was accessed during a ransomware attack it experienced in May. 

Norton Healthcare sent letters out to those affected on December 8th, where it explained that the sensitive data of approximately 2.5 million patients, as well as employees and their dependents, was accessed during a "cybersecurity incident," where it would later be determined as a ransomware attack. In the letter, Norton Healthcare said that hackers had access to "certain network storage devices between May 7th and May 9th" but did not access Norton Healthcare's medical record system or Norton MyChart, its electronic medical record system.

Following an internal investigation completed in mid-November, Norton found that hackers accessed a "wide range of sensitive information," including some or all of the following: names, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers. It went on to say that for certain individuals, the exposed data may have also included "driver's license numbers or other government ID numbers, financial account numbers, and digital signatures."

Norton Healthcare said it reported the incident to law enforcement and confirmed it did not pay any ransom. The medical company did not disclose the name of the group responsible for the attack. While the ransomware group ALPHV/BlackCat has claimed responsibility for the cyber attack, there have been no official verifications of whether the group is responsible. A copy of the notice to affected Maine residents can be found here

Norton Healthcare is based in and around Louisville, Kentucky, operating over 40 clinics and hospitals and employs more than 20,000 medical staff, including over 1,750 employed medical providers and more than 3,000 total providers, making it Louisville's second-largest employer.