Tag Archive for: norton

Attorney weighs in on Norton ransomware attack letter

/in


LOUISVILLE, Ky. — Many Kentuckians recently got a letter in the mail from Norton Healthcare that said their personal information may have been stolen in a cyber attack.

What You Need To Know

  • Around 2.5 million people received a letter informing them their information may have been stolen in a ransomware attack on Norton Healthcare

  • The hospital system sent out the letter more than half a year after it discovered the attack

  • Norton said it took time to analyze the breach

  • A prominent attorney with Morgan & Morgan said waiting months to notify impacted patients is a problem because it leaves them at risk without notification that they need to protect themselves

It has been more than half a year since the Louisville-based hospital system first reported what it at the time called a “cyber event.”

Attorney John Yanchunis, who leads Morgan & Morgan’s consumer class action practice, said waiting that long to inform patients about the breach is a “real problem.”

“Obviously, a company following a breach will investigate,” Yanchunis said. “By law, most states require notification to the consumer within 30 days. There will be probably repercussions to the entity for having delayed. The problem with that is that consumers not having received timely notice aren’t put on notice that they need to protect themselves.”

According to Norton Healthcare, the letter was sent to around 2.5 million people. The letter said an unauthorized individual got access to the company’s network storage devices between May 7-9.

It said information obtained in the breach could include a patient’s name, birth date, social security number, driver’s license number, contact information, health records, financial account numbers and even digital signatures, along with other personal and identifying information.

At the time of the hacking, Norton had to take its network offline, as it received a fax with threats and demands. The company worked with forensic investigators. The letter said the breach took time to analyze.

In the letter, Norton offers two years of credit monitoring for patients who may have been affected through Kroll. The company provides credit monitoring services; however,

Source…

Patient files class action lawsuit against Norton Healthcare over ransomware attack

/in


In the lawsuit, the patient claims that Norton failed to secure and safeguard hers and around 2.5 million other people's personal information.

In the lawsuit, the patient claims that Norton failed to secure and safeguard hers and around 2.5 million other people’s personal information.

Source…

Norton Healthcare Discloses Data Breach Following May Ransomware Attack

/in


Norton Healthcare has officially confirmed a data breach following a ransomware attack that occurred in May 2023. The breach exposed sensitive personal information belonging to patients, employees, and their dependents across the Greater Louisville area, Southern Indiana, and the Commonwealth of Kentucky.

Norton Healthcare, which operates over 40 clinics and hospitals, serves both adult and pediatric patients and is the second-largest employer in Louisville with more than 20,000 employees.

The cybersecurity incident was discovered on May 9, 2023, prompting Norton Healthcare to engage federal law enforcement and a forensic security provider to investigate and halt unauthorized access. The breach involved unauthorized access to certain network storage devices between May 7 and May 9, 2023. Fortunately, the attackers did not access Norton Healthcare’s medical record system or Norton MyChart.

Also see: Best Ransomware Protection Tools

The compromised data includes a range of sensitive information such as names, contact details, Social Security Numbers, dates of birth, health information, insurance details, and medical identification numbers. For some individuals, particularly employees, the exposed data may also include financial account numbers, driver’s licenses or other government ID numbers, and digital signatures.

The ransomware attack was claimed by the BlackCat/ALPHV gang in late May. The group is alleged to have stolen 4.7 terabytes of data from Norton Healthcare’s systems, as reported by DataBreaches. Proof of the breach, including Social Security numbers and bank statements of some patients, was leaked on the dark web by the attackers.

Affected individuals will be notified and offered two years of free credit protection services, as well as additional information in breach notification letters.

It is worth noting that Norton Healthcare is the latest in a series of healthcare organizations in the United States that have fallen victim to ransomware attacks. The ALPHV gang’s websites are currently experiencing an outage, which BleepingComputer suggests may be connected to a law enforcement operation.

This incident underscores the ongoing threat to healthcare institutions from…

Source…

Norton Healthcare disclosed a data breach after ransomware attack

/in


Norton Healthcare disclosed a data breach after a ransomware attack

Pierluigi Paganini
December 09, 2023

Kentucky health system Norton Healthcare disclosed a data breach after it was a victim of a ransomware attack in May.

Norton Healthcare disclosed a data breach after a ransomware attack that hit the organization on May 9, 2023. The security breach exposed personal information belonging to patients, employees, and dependents. The health system notified federal law enforcement and launched an investigation into the incident with the help of a leading forensic security provider.

Norton Healthcare is a healthcare system based in Louisville, Kentucky (US). It is a leading provider of health services and medical care in the region. Norton Healthcare operates a network of hospitals, medical centers, physician practices, and other healthcare facilities.

Norton Healthcare operates more than 40 clinics and hospitals in and around Louisville, Kentucky.

“On May 9, 2023, Norton Healthcare discovered that it was experiencing a cybersecurity incident, later determined to be a ransomware attack.” reads the notice of security incident. “Our investigation determined that an unauthorized individual(s) gained access to certain network storage devices between May 7, 2023, and May 9, 2023, but did not access Norton Healthcare’s medical record system or Norton MyChart.”

Threat actors gained access to files containing personal information of patients, employees, and dependents. The compromised information varied for each person and could have included: name, contact information, Social Security Number, date of birth, health information, insurance information, and medical identification numbers.  In some instances, the exposed data may have included driver’s license numbers or other government ID numbers, financial account numbers, and digital signatures.

Norton Healthcare is offering impacted individuals two years of credit monitoring.

On May 25, 2023, the AlphV/BlackCat group claimed responsibility for the attack. BlackCat claimed to have exfiltrated 4.7 TB of data and leaked dozens of files as proof of the hack.

At the time of this writing the dark web leak site of the…

Source…