Kentucky healthcare giant says 2.5 million people affected by May ransomware attack

Jason Macuray
A ransomware attack in May exposed 2.5 million patients of hospitals connected to healthcare giant Norton Healthcare.


In notices submitted to regulators in Maine and California last week, the company said it discovered the attack on May 9 and later confirmed that it was dealing with a ransomware incident.

After an investigation, the company said the data of current and former patients and employees, as well as employee dependents and beneficiaries, was leaked as a result of the attack. Impacted data includes names, contact information, Social Security numbers, dates of birth, health information, insurance information, and medical identification numbers.

Driver’s license numbers and other government ID numbers, financial account numbers, and digital signatures were also affected in some instances, the company explained.

Norton Healthcare is based in Louisville and runs eight hospitals in Kentucky and Indiana. The hospital said it reported the incident to federal law enforcement agencies and began an investigation that is still ongoing. The company is one of the largest employers in Kentucky.

The hackers had access “to certain network storage devices” from May 7 to May 9. Victims are being offered 24 months of identity protection services. A call center was created for those with questions.

The attack was claimed on May 25 by the AlphV/Black Cat ransomware gang, which posted lengthy updates criticizing the company for refusing to pay a ransom.

The gang claims it stole 4.7 terabytes of data that included information on thousands of employees. In addition to personal information like Social Security numbers, the gang claimed to have clinical imaging data and photos. The gang — which previously leaked patient photos from another U.S. hospital — is reportedly facing increased law enforcement scrutiny following several high-profile incidents in 2023.

At the time of the attack, the company’s hospitals were forced to revert to using pen and paper for records after receiving a “faxed communication containing threats and demands.”

Ransomware attacks on healthcare facilities in the U.S. have forced federal agencies to take a closer look at potential actions that can be taken to address cybersecurity.

Last week, a ransomware gang took credit for an attack on Tri-City Medical Center, which forced the San Diego hospital on November 9 to take its systems offline, halt elective procedures and take other actions in light of the damaging attack. The hospital was only able to return to full functionality on December 2.

Ransomware attacks on Capital Health, Ardent Health Services and Prospect Medical Holdings this year left dozens of hospitals scrambling to provide patient care amid near-catastrophic technology outages.

Recorded Future — the parent company of The Record — reported at least 19 ransomware attacks on healthcare facilities last month and steep increases in incidents throughout 2023.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.