Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees and dependents.
Norton Healthcare serves adult and pediatric patients in more than 40 clinics and hospitals throughout Greater Louisville, Southern Indiana and the Commonwealth of Kentucky.
With more than 20.000 employees, more than 1.750 employed medical providers and more than 3.000 total providers on its medical staff, Norton Healthcare is Louisville's second largest employer, with more than 140 locations throughout Greater Louisville and Southern Indiana.
"On May 9, 2023, Norton Healthcare discovered that it was experiencing a cybersecurity incident, which was later determined to be a ransomware attack," he said in a press release issued Friday.
“Norton Healthcare notified federal law enforcement and immediately began working with a respected forensic security provider to investigate and terminate the unauthorized access.
"Our investigation found that an unauthorized person gained access to certain network storage devices between May 7, 2023 and May 9, 2023, but did not access Norton Healthcare's medical records system or Norton MyChart."
The attackers gained access to a wide range of sensitive information, including name, contact information, Social Security Number, date of birth, health information, insurance information and medical identification numbers.
Norton Healthcare says that, for some individuals (possibly employees), the exposed data may have also included financial account numbers, driver's licenses or other government identification numbers, and digital signatures.
Potentially affected individuals will receive two years of free credit protection services and additional information in breach notification letters.
While Norton Healthcare did not link the attack to a specific ransomware operation, the attack was claimed in late May by the ALPHV (BlackCat) gang.
Οι επιτιθέμενοι ισχυρίστηκαν σε μια καταχώριση που προστέθηκε στον ιστότοπό τους με leakage σκοτεινού ιστού ότι φέρεται να έκλεψαν 4,7 TB δεδομένων από τα παραβιασμένα συστήματα του συστήματος υγειονομικής περίθαλψης, καθώς Data breaches have been reported.
The ransomware gang also leaked dozens of files as evidence of the breach and data infiltration, containing Norton Healthcare patients' social security numbers, bank statements and more.
BleepingComputer reported today that an ongoing outage affecting ALPHV's websites could be linked to a law enforcement operation.
Norton Healthcare is just one of them largehealthcare organizations in the United States that have fallen victim to ransomware.
For example, healthcare provider Ardent Health Services, which operates 30 hospitals in six US states, also disclosed last month that it was hit by a ransomware attack.
Since last year, the US government has issued multiple warning advisories about ransomware attacks targeting healthcare institutions across the country.
One such advisory came from the US Department of Health and Human Services (HHS) security team regarding ransomware operations such as Royal, Venus, Maui and Zeppelin targeting Health and Public Health (HPH) organizations.
Τον Οκτώβριο του 2022, η Υπηρεσία Κυβερνοασφάλειας και Ασφάλειας Υποδομών (CISA), το Ομοσπονδιακό Office Ερευνών (FBI) και το HHS ειδοποίησαν τα νοσοκομεία σχετικά με την ενεργό στόχευση της συμμορίας του κυβερνοεγκλήματος της ομάδας Daixin Team σε εγκαταστάσεις υγειονομικής περίθαλψης σε επιθέσεις ransomware.