Kentucky healthcare organization Norton Healthcare is informing about 2.5 million individuals that their personal information was compromised in a ransomware data extortion hack earlier this year.
The incident was identified on May 9, 2023, and involved unauthorized access to certain network storage systems for two days, the company said.
The Louisville-based Norton Norton Healthcare, which runs 140 locations in Greater Louisville and Southern Indiana, said it determined that the attackers exfiltrated files containing the personal information of current and former patients and employees, and dependents.
In mid-November, Norton Healthcare determined that the compromised information included names, contact information, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers.
According Norton Healthcare, its medical record system and the Norton MyChart application service were not affected.
While the notice did not say how many individuals were affected, Norton Healthcare informed the Maine Attorney General's Office that the attackers stole the personal information of 2.5 million individuals.
The organization said that it did not pay the ransom demands.
In May 2023, shortly after the incident occurred, the BlackCat/Alphv ransomware group claimed responsibility for the incident, threatening to leak roughly 4.7 terabytes of data allegedly stolen from Norton Healthcare.
The Tor-based BlackCat/Alphv leak site has been inaccessible since December 7, following what is believed to be a law enforcement takedown operation.
According to Cisco, BlackCat was the second most active ransomware group this year.
This Cyber News was published on www.securityweek.com. Publication date: Mon, 11 Dec 2023 16:13:04 +0000