Connect with us

Hi, what are you looking for?


Data Breaches

Norton Healthcare Ransomware Hack: 2.5 Million Personal Records Stolen

Compromised data includes names, dates of birth, Social Security numbers, health and insurance information, and driver’s license numbers.

Kentucky healthcare organization Norton Healthcare is informing about 2.5 million individuals that their personal information was compromised in a ransomware data extortion hack earlier this year.

The incident was identified on May 9, 2023, and involved unauthorized access to certain network storage systems for two days, the company said.

The Louisville-based Norton Norton Healthcare, which runs 140 locations in Greater Louisville and Southern Indiana, said it determined that the attackers exfiltrated files containing the personal information of current and former patients and employees, and dependents.

In mid-November, Norton Healthcare determined that the compromised information included names, contact information, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers.

“In some instances, the data may also have included driver’s license numbers or other government ID numbers, financial account numbers, and digital signatures,” the organization said in an incident notice posted on its website.

According Norton Healthcare, its medical record system and the Norton MyChart application service (which allows patients to access their medical records from their mobile devices) were not affected.

While the notice did not say how many individuals were affected, Norton Healthcare informed the Maine Attorney General’s Office that the attackers stole the personal information of 2.5 million individuals.

The organization said that it did not pay the ransom demands.

Advertisement. Scroll to continue reading.

In May 2023, shortly after the incident occurred, the BlackCat/Alphv ransomware group claimed responsibility for the incident, threatening to leak roughly 4.7 terabytes of data allegedly stolen from Norton Healthcare.

The Tor-based BlackCat/Alphv leak site has been inaccessible since December 7, following what is believed to be a law enforcement takedown operation. According to Cisco, BlackCat was the second most active ransomware group this year.

Related: Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach

Related: Ransomware Group Starts Leaking Data From Japanese Watchmaking Giant Seiko

Related: Ransomware Gang Takes Credit for February Reddit Hack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.