A ransomware attack in May exposed 2.5 million patients of hospitals connected to healthcare giant Norton Healthcare.
In notices submitted to regulators in Maine and California last week, the company said it discovered the attack on May 9 and later confirmed that it was dealing with a ransomware incident.
The company said the data of current and former patients, employees, as well as employee dependents and beneficiaries were leaked as a result of the attack.
Impacted data includes names, contact information, Social Security numbers, dates of birth, health information, insurance information, and medical identification numbers.
Driver's license numbers and other government ID numbers, financial account numbers, and digital signatures were also affected in some instances, the company explained.
Norton Healthcare is based in Louisville and runs eight hospitals in Kentucky and Indiana.
The hospital said it reported the incident to federal law enforcement agencies and began an investigation that is still ongoing.
The company is one of the largest employers in Kentucky.
Victims are being offered 24 months of identity protection services.
The attack was claimed on May 25 by the AlphV/Black Cat ransomware gang, which posted lengthy updates criticizing the company for refusing to pay a ransom.
The gang claims it stole 4.7 terabytes of data that included information on thousands of employees.
In addition to personal information like Social Security numbers, the gang claimed to have clinical imaging data and photos.
The gang - which previously leaked patient photos from another U.S. hospital - is reportedly facing increased law enforcement scrutiny following several high-profile incidents in 2023.
Ransomware attacks on healthcare facilities in the U.S. have forced federal agencies to take a closer look at potential actions that can be taken to address cybersecurity.
Last week, a ransomware gang took credit for an attack on Tri-City Medical Center - which forced the San Diego hospital on November 9 to take its systems offline, halt elective procedures and take other actions in light of the damaging attack.
The hospital was only able to return to full functionality on December 2.
Ransomware attacks on Capital Health, Ardent Health Services and Prospect Medical Holdings this year left dozens of hospitals scrambling to provide patient care amid near-catastrophic technology outages.
Recorded Future - the parent company of The Record - reported at least 19 ransomware attacks on healthcare facilities last month and steep increases in incidents throughout 2023.
Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.
He previously covered cybersecurity at ZDNet and TechRepublic.
This Cyber News was published on therecord.media. Publication date: Mon, 11 Dec 2023 22:05:09 +0000