Kentucky healthcare organization Norton Healthcare is informing about 2.5 million individuals that their personal information was compromised in a ransomware data extortion hack earlier this year.
The incident was identified on May 9, 2023, and involved unauthorized access to certain network storage systems for two days, the company said.
The Louisville-based Norton Norton Healthcare, which runs 140 locations in Greater Louisville and Southern Indiana, said it determined that the attackers exfiltrated files containing the personal information of current and former patients and employees, and dependents.
In mid-November, Norton Healthcare determined that the compromised information included names, contact information, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers.
“In some instances, the data may also have included driver’s license numbers or other government ID numbers, financial account numbers, and digital signatures,” the organization said in an incident notice posted on its website.
According Norton Healthcare, its medical record system and the Norton MyChart application service (which allows patients to access their medical records from their mobile devices) were not affected.
While the notice did not say how many individuals were affected, Norton Healthcare informed the Maine Attorney General’s Office that the attackers stole the personal information of 2.5 million individuals.
The organization said that it did not pay the ransom demands.
In May 2023, shortly after the incident occurred, the BlackCat/Alphv ransomware group claimed responsibility for the incident, threatening to leak roughly 4.7 terabytes of data allegedly stolen from Norton Healthcare.
The Tor-based BlackCat/Alphv leak site has been inaccessible since December 7, following what is believed to be a law enforcement takedown operation. According to Cisco, BlackCat was the second most active ransomware group this year.