Kentucky-based non-profit healthcare system Norton Healthcare has confirmed that hackers accessed the non-public information of tens of millions of sufferers and staff throughout an earlier ransomware assault.
Norton operates greater than 40 clinics and hospitals in and round Louisville, Kentucky, and is town’s third-largest non-public employer. The group has greater than 20,000 staff, and greater than 3,000 whole suppliers on its medical workers, in accordance with its web site.
In a submitting with Maine’s legal professional normal on Friday, Norton stated that the delicate information of roughly 2.5 million sufferers, in addition to staff and their dependents, was accessed throughout its Could ransomware assault.
In a letter despatched to these affected, the non-profit stated that hackers had entry to “sure community storage units between Could 7 and Could 9,” however didn’t entry Norton Healthcare’s medical file system or Norton MyChart, its digital medical file system.
However Norton admitted that following a “time-consuming” inside investigation, which the group accomplished in November, Norton discovered that hackers accessed a “wide selection of delicate data,” together with names, dates of beginning, Social Safety numbers, well being and insurance coverage data, and medical identification numbers.
Norton Healthcare says that, for some people, the uncovered information might have additionally included monetary account numbers, driver’s licenses or different authorities ID numbers, in addition to digital signatures.
It’s not recognized if any of the accessed information was encrypted.
Norton says it notified regulation enforcement concerning the assault and confirmed it didn’t pay any ransom fee. The group didn’t title the hackers liable for the cyberattack, however the incident was claimed by the infamous ALPHV/BlackCat ransomware gang in Could, in accordance with data breach information website DataBreaches.web, which reported that the group claimed it exfiltrated virtually 5 terabytes of information. information.killnetswitch couldn’t verify this because the Alphv web site was inaccessible on the time of writing.
Norton Healthcare is only one of many U.S.-based healthcare organizations to expertise a data breach impacting tens of millions of people this yr.
Based on the HHS data breach portal, U.S. healthcare supplier HCA Healthcare skilled the biggest healthcare data breach in 2023 up to now after hackers posted the delicate information of roughly 11 million sufferers on a widely known cybercrime discussion board.
Perry Johnson & Associates, or PJ&A, a Nevada-based medical transcription service, skilled the second largest healthcare data breach after a cyberattack noticed the delicate information of just about 9 million sufferers uncovered. This was adopted by a breach at U.S. dental big Managed Care of North America (MCNA), which impacted 8.9 million of the group’s shoppers.