Kentucky well being system Norton Healthcare has confirmed {that a} ransomware assault in Might uncovered private data belonging to sufferers, workers, and dependents.
Norton Healthcare serves grownup and pediatric sufferers in additional than 40 clinics and hospitals throughout Higher Louisville, Southern Indiana, and the Commonwealth of Kentucky.
With over 20,000 workers, greater than 1,750 employed medical suppliers, and over 3,000 whole suppliers on its medical workers, Norton Healthcare is Louisville’s second-largest employer, with greater than 140 areas all through Higher Louisville and Southern Indiana.
“On Might 9, 2023, Norton Healthcare found that it was experiencing a cybersecurity incident, later decided to be a ransomware assault,” it stated in a press launch printed on Friday.
“Norton Healthcare notified federal legislation enforcement and instantly started working with a revered forensic safety supplier to research and terminate the unauthorized entry.
“Our investigation decided that an unauthorized particular person(s) gained entry to sure community storage gadgets between Might 7, 2023, and Might 9, 2023, however didn’t entry Norton Healthcare’s medical document system or Norton MyChart.”
The attackers gained entry to a variety of delicate data, together with title, contact data, Social Safety Quantity, date of start, well being data, insurance coverage data, and medical identification numbers.
Norton Healthcare says that, for some people (seemingly workers), the uncovered knowledge might have additionally included monetary account numbers, driver’s licenses or different authorities ID numbers, and digital signatures.
Doubtlessly affected people will obtain two years of free credit score safety providers and extra data in breach notification letters.
Ransomware assault claimed by BlackCat/ALPHV
Whereas Norton Healthcare did not hyperlink the assault to a particular ransomware operation, the assault was claimed in late Might by the ALPHV (BlackCat) gang.
The attackers claimed in an entry added to their darkish net leak web site that they allegedly stole 4.7TB of knowledge from the healthcare system’s compromised techniques, as DataBreaches reported.
The ransomware gang additionally leaked dozens of recordsdata as proof of the breach and knowledge exfiltration, containing some Norton Healthcare sufferers’ Social Safety numbers, financial institution statements, and extra.
BleepingComputer reported in the present day that an ongoing outage affecting ALPHV’s web sites may very well be linked to a legislation enforcement operation.
Norton Healthcare is only one of an extended string of healthcare organizations in the US which have fallen sufferer to ransomware.
As an illustration, healthcare supplier Ardent Well being Companies, which operates 30 hospitals throughout six U.S. states, additionally disclosed final month that it was hit by a ransomware assault.
Since final 12 months, the U.S. authorities has issued a number of cautionary advisories relating to ransomware assaults concentrating on healthcare establishments nationwide.
One such advisory got here from the safety crew on the U.S. Division of Well being and Human Companies (HHS) about ransomware operations like Royal, Venus, Maui, and Zeppelin concentrating on Healthcare and Public Well being (HPH) organizations.
In October 2022, the Cybersecurity and Infrastructure Safety Company (CISA), Federal Bureau of Investigation (FBI), and the HHS notified hospitals concerning the Daixin Crew cybercrime gang’s lively concentrating on of healthcare services in ransomware assaults.
