December 11, 2023 at 10:54AM
Norton Healthcare, a Kentucky-based healthcare organization, disclosed that 2.5 million individuals had their personal information compromised in a ransomware attack earlier this year. The breach, which occurred in May 2023, involved unauthorized access to network storage systems and exposed sensitive data such as names, contact details, Social Security numbers, and medical information. Norton Healthcare did not pay the ransom demands.
Based on the meeting notes, it is clear that Norton Healthcare experienced a significant data breach earlier this year, resulting in the compromise of personal information of approximately 2.5 million individuals. The breach involved unauthorized access to network storage systems for two days and resulted in the exfiltration of files containing personal information of current and former patients, employees, and dependents. The compromised information includes names, contact information, dates of birth, Social Security numbers, health and insurance information, medical identification numbers, and in some cases, driver’s license numbers or other government ID numbers, financial account numbers, and digital signatures.
Norton Healthcare confirmed that the incident did not affect its medical record system and the Norton MyChart application service. The organization also emphasized that it did not pay the ransom demands made by the BlackCat/Alphv ransomware group, which claimed responsibility for the breach. The BlackCat/Alphv leak site, where the ransomware group threatened to release the stolen data, has been inaccessible since December 7, likely due to a law enforcement takedown operation.
It is worth noting that Norton Healthcare did not specify the number of individuals affected in its public notice, but it did inform the Maine Attorney General’s Office about the compromise of personal information of 2.5 million individuals. Furthermore, it’s important to acknowledge that the BlackCat ransomware group was identified as one of the most active ransomware groups this year by Cisco.
Overall, the incident underscores the growing threat of ransomware attacks and the need for organizations to implement robust cybersecurity measures to protect sensitive data.