Norton Reveals Cyberattack Resulted in Theft of Millions of Patients’ Data

Norton Healthcare Confirms Ransomware Attack Exposed Data Of 2.5 Million Persons

Kentucky-based Norton Healthcare confirmed a ransomware attack that accessed personal patient and employee data. More than 40 Norton clinics and hospitals were affected.

Norton stated that approximately 2.5 million people had their sensitive data compromised during the May attack. The healthcare system acknowledged a range of personally identifiable information was accessed, including, but not limited to, names, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers.

It is not known if the accessed data was encrypted. Norton healthcare did not pay any ransom, nor did they confirm who was responsible, though the ALPHV/BlackCat ransomware gang claimed responsibility in May. The organization maintains that no patient medical records or MyChart information was exposed.

The data breach incident is one of many targeting U.S.-based healthcare organizations, with the Department of Health and Human Services noting a significant increase in large breaches and ransomware attacks over the past four years. As of 2023, the federal HHS reported that over 88 million individuals were affected by reported data breaches, representing a 60% increase compared to 2022 breaches.

Two of the largest healthcare data breaches in 2023 impacted HCA Healthcare, with approximately 11 million patients’ data exposed, and Perry Johnson & Associates, with nearly nine million patients’ information compromised.