Data Breaches

Norton Healthcare Ransomware Hack: 2.5 Million Personal Records Stolen

Compromised data includes names, dates of birth, Social Security numbers, health and insurance information, and driver’s license numbers.

Published

Compromised data includes names, dates of birth, Social Security numbers, health and insurance information, and driver’s license numbers.

Kentucky healthcare organization Norton Healthcare is informing about 2.5 million individuals that their personal information was compromised in a ransomware data extortion hack earlier this year.

The incident was identified on May 9, 2023, and involved unauthorized access to certain network storage systems for two days, the company said.

The Louisville-based Norton Norton Healthcare, which runs 140 locations in Greater Louisville and Southern Indiana, said it determined that the attackers exfiltrated files containing the personal information of current and former patients and employees, and dependents.

In mid-November, Norton Healthcare determined that the compromised information included names, contact information, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers.

“In some instances, the data may also have included driver’s license numbers or other government ID numbers, financial account numbers, and digital signatures,” the organization said in an incident notice posted on its website.

According Norton Healthcare, its medical record system and the Norton MyChart application service (which allows patients to access their medical records from their mobile devices) were not affected.

While the notice did not say how many individuals were affected, Norton Healthcare informed the Maine Attorney General’s Office that the attackers stole the personal information of 2.5 million individuals.

The organization said that it did not pay the ransom demands.

Advertisement. Scroll to continue reading.

In May 2023, shortly after the incident occurred, the BlackCat/Alphv ransomware group claimed responsibility for the incident, threatening to leak roughly 4.7 terabytes of data allegedly stolen from Norton Healthcare.

The Tor-based BlackCat/Alphv leak site has been inaccessible since December 7, following what is believed to be a law enforcement takedown operation. According to Cisco, BlackCat was the second most active ransomware group this year.

Related: Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach

Related: Ransomware Group Starts Leaking Data From Japanese Watchmaking Giant Seiko

Related: Ransomware Gang Takes Credit for February Reddit Hack

In this article:, , ,

Related Content

Ransomware

Cybercrime

Anatomy of a BlackCat Attack Through the Eyes of Incident Response

Incident response experts at Sygnia provide a detailed blow-by-blow of a BlackCat ransomware attack and share tips for survival.

March 6, 2024

Data Breaches

Ransomware Group Takes Credit for LoanDepot, Prudential Financial Attacks

The BlackCat/Alphv ransomware group has taken credit for the LoanDepot and Prudential Financial attacks, threatening to sell or leak data.

February 19, 2024

Ransomware

US Offers $10 Million for Information on BlackCat Ransomware Leaders

The US announces a $10 million reward for information on key members of the Alphv/BlackCat ransomware group.

February 16, 2024

Uncategorized

HMG Healthcare Says Data Breach Impacts 40 Facilities

The compromised information includes names, contact information, dates of birth, health information, medical treatment details, Social Security numbers, and employee records.

January 10, 2024

Ransomware

US Gov Disrupts BlackCat Ransomware Operation; FBI Releases Decryption Tool

The US government announced the disruption of the notorious BlackCat ransomware-as-a-service operation and released a decryption tool to help organizations recover hijacked data.

December 19, 2023

Ransomware

Law Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website

The leak website of the notorious BlackCat/Alphv ransomware group has been offline for days and law enforcement is reportedly behind the takedown.

December 11, 2023

Data Breaches

Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database

The hijacked data includes driver’s license numbers and/or social security numbers from a Caesars Entertainment loyalty database.

September 14, 2023

Cybercrime

Ransomware Gang Takes Credit for February Reddit Hack

The Alphv/BlackCat ransomware gang has taken responsibility for the February cyberattack that hit social media site Reddit.

June 19, 2023

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version