Healthcare company Norton says a May breach led to the theft of data of around 2.5 million of its patients, as well as employees and their dependents.
Norton has more than 40 clinics and hospitals in and around Louisville, Kentucky. In a filing with Maine’s attorney general on Friday, Norton said that on May 9, 2023, it discovered an “external system breach.” While the attackers were in the system, Norton says, the sensitive data of the patients, and employees and their dependents was accessed.
In a security incident notice as well as the letter that was sent to potential victims, Norton said the attackers accessed certain network storage devices, but did not access Norton Healthcare’s medical record system or Norton MyChart, its electronic medical record system.
The leaked information included names, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers. Some people also had their financial account numbers, driver licenses or other government ID numbers, and digital signatures also taken.
While Norton never called the incident a ransomware attack, according to databreaches.net the attack was claimed by ALPHV/BlackCat. We could not confirm this, since at the time of writing, the ALPHV leak site is recovering from an outage due to problems with their hosting provider.
Norton says it told law enforcement about the attack and confirmed it did not pay any ransom payment. ALPHV claims to have extracted 4.7 TB worth of data and posted dozens of files as proof to get negotiations underway.
ALPHV is one of the most active ransomware-as-a-service (RaaS) operators and regularly appears in our monthly ransomware reviews as one of the top five most active groups. Recently they made headlines when one of their affiliates, known as Scattered Spider attacked MGM. They also filed a SEC complaint about one of their victims for failing to disclose a breach.
Our podcast host David Ruiz talked to ransomware expert Allan Liska about the why of the SEC complaint.
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
We don't just report on threats - we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family's—personal information by using Malwarebytes Identity Theft Protection.