Norton Healthcare ransomware attack exposes 2.5M people
Norton Healthcare ransomware attack exposes 2.5M people
Healthcare Dive
December 11, 2023
Norton Healthcare said sensitive data on 2.5 million people was exposed by a ransomware attack in May, the clinic and hospital group said Friday in a data breach notification filed with Maine’s attorney general. Norton Healthcare discovered the cyberattack on May 9, which it later determined was ransomware. The threat actors had access to some network storage devices between May 7–9, but the healthcare group’s medical record system was not compromised, the company said in the filing. An investigation into the attack, which was completed in mid-November, determined names, contact information, Social Security numbers, dates of birth, health and insurance information, and medical ID numbers were compromised. .... [Kentucky-based] Norton Healthcare said it did not make a ransom payment and has not detected any additional indicators of compromise since it began restoring its systems from backups on May 10. The delayed disclosure, seven months after the intrusion was detected, underscores the complicated nature of post-incident investigations.