Norton Healthcare Data Breach Affects 2.5 Million People

The prominent healthcare network Norton Healthcare recently fell victim to a substantial cyberattack, resulting in the data breach of over two million individuals. The organization, comprising dozens of clinics and hospitals across Kentucky, announced a significant cybersecurity incident that affected its internal systems.

The incident was classified as a ransomware attack. The company promptly informed the FBI, restored systems from secure backups, and did not concede to any ransom demands.

Norton Healthcare, the third largest private employer in the Louisville area, boasts over 20,000 employees and more than 1,750 physicians. The organization operates in over 140 locations across Louisville and Southern Indiana.

In a statement filed with the Office of the Maine Attorney General on Friday, Norton disclosed that confidential information of approximately 2.5 million individuals was compromised during the May ransomware attack.

In letters sent to those affected, the nonprofit organization reported that hackers had accessed “certain network storage devices between May 7 and May 9,” but did not gain entry into Norton Healthcare’s medical record system.

However, the malefactors did access the personal data of current and former patients, employees, their dependents, and beneficiaries. Stolen data included names, contact information, dates of birth, social security numbers, medical information, insurance details, and medical identification numbers.

Additionally, driver’s license numbers or other government-issued identification numbers, financial account numbers, and digital signatures were also pilfered.

In response, Norton offered the affected individuals complimentary credit monitoring services for two years, along with a suite of identity theft protection services.