Norton Healthcare discloses data breach affecting 2.5M people

A not-for-profit healthcare system with eight hospitals in Kentucky and Indiana has fallen victim to a ransomware attack. Consequently, sensitive data of 2.5 million people was exposed.

Norton Healthcare informed the FBI about the ransomware attack on its systems, and no ransom payment was made.

“An unauthorized individual(s) was able to access certain network storage devices between May 7, 2023, and May 9, 2023, but did not access Norton Healthcare’s medical record system or Norton MyChart.”

The investigation of the attack continued between May and November 2023 to determine the extent and scope of the incident.

Norton Healthcare, based on the available data and out of an abundance of caution, chose to inform current and former patients, employees, and employee dependents about the incident.

The compromised data might include some or all of the following: name, contact information, Social Security Number, date of birth, health information, insurance information, and medical identification numbers. In some instances, the data may also have included driver’s license numbers or other government ID numbers, financial account numbers, and digital signatures.