Dive Brief:
- Sensitive data on 2.5 million people was exposed by a ransomware attack in May, clinic and hospital group Norton Healthcare said Friday in a data breach notification filed with Maine’s attorney general.
- Norton Healthcare discovered the cyberattack, which it later determined was ransomware, on May 9. The threat actors had access to some network storage devices between May 7 and May 9, but the healthcare group’s medical record system was not compromised, the company said in the filing.
- An investigation into the attack, which was completed in mid-November, determined names, contact information, Social Security numbers, dates of birth, health and insurance information, and medical ID numbers were compromised.
Dive Insight:
Ransomware attacks against healthcare organizations are up 278% in the past four years, the Department of Health and Human Services said in late October. “The large breaches reported this year have affected over 88 million individuals, a 60% increase from last year,” the agency said.
Healthcare organizations are widely targeted by ransomware actors because of the sensitive data they hold and the critical services they provide. This makes downtime a potentially life-or-death situation for patients and increases pressure on victims to pay extortion demands.
At least 36 U.S. healthcare systems spanning 130 hospitals have been impacted by ransomware attacks this year, according to Brett Callow, threat analyst at Emsisoft.
Kentucky-based Norton Healthcare operates 8 hospitals and 40 clinics with more than 20,000 employees and 3,000 medical providers, according to its website.
Norton Healthcare said it did not make a ransom payment and has not detected any additional indicators of compromise since it began restoring its systems from backups on May 10.
The delayed disclosure, seven months after the intrusion was detected, underscores the complicated nature of post-incident investigations.
The process of reviewing potentially exfiltrated documents to identify which individuals and types of data were impacted “proved to be time consuming,” Norton Healthcare said.