Mar 8, 2024

U.S. Healthcare Giant Norton Suffers Ransomware Attack That Leaves 2.5 Million Patients Exposed

U.S. Healthcare Giant Norton Suffers Ransomware Attack That Leaves 2.5 Million Patients Exposed - healthcare data breach

Earlier this month, Norton Healthcare, Inc. (Norton Healthcare), the Kentucky-based nonprofit healthcare system, confirmed that hackers accessed the personal data of millions of patients and employees during a ransomware attack earlier this year. In a filing with Maine's attorney general, the medical company explained that the sensitive data of approximately 2.5 million patients, as well as employees and their dependents, was accessed during a ransomware attack it experienced in May. 

Norton Healthcare sent letters out to those affected on December 8th, where it explained that the sensitive data of approximately 2.5 million patients, as well as employees and their dependents, was accessed during a "cybersecurity incident," where it would later be determined as a ransomware attack. In the letter, Norton Healthcare said that hackers had access to "certain network storage devices between May 7th and May 9th" but did not access Norton Healthcare's medical record system or Norton MyChart, its electronic medical record system.

Following an internal investigation completed in mid-November, Norton found that hackers accessed a "wide range of sensitive information," including some or all of the following: names, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers. It went on to say that for certain individuals, the exposed data may have also included "driver's license numbers or other government ID numbers, financial account numbers, and digital signatures."

Norton Healthcare said it reported the incident to law enforcement and confirmed it did not pay any ransom. The medical company did not disclose the name of the group responsible for the attack. While the ransomware group ALPHV/BlackCat has claimed responsibility for the cyber attack, there have been no official verifications of whether the group is responsible. A copy of the notice to affected Maine residents can be found here

Norton Healthcare is based in and around Louisville, Kentucky, operating over 40 clinics and hospitals and employs more than 20,000 medical staff, including over 1,750 employed medical providers and more than 3,000 total providers, making it Louisville's second-largest employer.

Norton Is the Most Recent Hospital To Suffer a Data Breach

Norton is just one of many U.S.-based healthcare organizations to experience a data breach that has impacted millions of individuals this year. In the last year, hundreds of medical companies in the United States and around the globe have had their data accessed due to the MOVEit data breach. The MOVEit is a file transfer platform created by Progress Software Corporation, is an American public company that offers software for creating and deploying business applications. 

The file transfer program is used by thousands of governments, financial institutions, and other public and private sector bodies worldwide to send and receive large amounts of often sensitive data, including pension information, social security numbers, medical records, and billing data. Earlier this year, in May, companies noticed their data had been accessed by a third party, later identified as the Russian-linked Cryptomix ransomware group CL0p. 

According to the Federal Bureau of Investigation, Cl0p has accessed stored information, including addresses, authorization information, claim information, dates of birth, names, social security numbers, and more from the MOVEit system. Ransomware is a type of malware (malicious software) designed to deny access to a user's data, usually by encrypting the data with a key known only to the hacker who deployed the malware until a ransom is paid. 

Using this stolen information from the MOVEit transfer program, Cl0p has been able to demand ransom from the companies it has targeted. You can read more about the MOVEit data breach here


Research Shows Data Breaches Are Up by 60%

According to the U.S. Department of Health and Human Services (HHS) in an address this past October, it claims in the last four years, there has been a 239% increase in large breaches reported to the Office for Civil Rights (OCR) that involve hacking, as well as a 278% increase in ransomware attacks. HHS continued to predict that as the trends in hacking continue, in combination with the larger breaches already reported this year that affected 88 million individuals, overall breaches have already increased by 60% as compared to 2022. 

As found on the HHS data breach portal, U.S. healthcare provider HCA Healthcare experienced the largest healthcare data breach in 2023, where approximately 11 million patients had their private information posted on a well-known cybercrime forum. Other companies, like Perry Johnson & Associates and Managed Care of North America, Inc., follow close behind, with each company having nearly nine million patients' personal information exposed.


What You Can Do To Keep Your Information Safe After a Breach

Affected individuals have the option to monitor their credit using free online credit reporting tools provided by credit unions like Equifax, Experian, and Transunion, who offer one free credit check a year. For more frequent credit monitoring, Intuit Credit Karma grants users daily access and alerts to their credit free of cost. If you have experienced or discovered fraudulent activity on your credit or banking accounts, you may contact the Federal Trade Commission (FTC), your state's Attorney General's office, or law enforcement to report incidents of identity theft. 

Under the Fair Credit Reporting Act, victims have the right to be told if information in their credit file has been used against them, the right to know what is in their credit file, the right to ask for their credit score, and the right to dispute incomplete or inaccurate information. We highly advise victims who have discovered any fraudulent activity to request a credit freeze, which can be provided by any of the previously listed credit unions. To learn more information on what steps you can take to protect yourself from identity theft, visit the FTC's websites at


Contact a Data Breach Attorney

At Morgan & Morgan, our data breach attorneys can help you navigate the chaos that can ensue after you discover that your information was leaked due to a data breach. With over 35 years of service and a vast network of attorneys and legal experts, when you work with us, we'll ensure you have the best case possible when seeking justice. For more information behind the most recent healthcare data breach or if you believe you have been affected, contact our law office today to receive a free case evaluation from a data breach attorney.