Norton Healthcare employee, patient information exposed in hack | WDRB Investigates | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

LOUISVILLE, Ky. (WDRB) — Social security numbers, bank information and mammogram images were among the sensitive documentation leaked online six weeks ago when hackers targeted Norton Healthcare.

The nonprofit Louisville health system continues not to answer when asked if patient or employee information was compromised in what it has called a “cyber event” that took place May 9. Norton said it’s working with the FBI to investigate the incident.

But employees’ names, social security numbers and birth dates as well as patients’ personal information, credit card numbers and medical history are contained in documents available publicly on the dark web, a corner of the internet accessible via specialized web browsers.

The documents show a large amount of Norton’s financial information, including operating accounts and payroll accounts with a balance of tens of millions of dollars, credit card information, confidentiality agreements, patient imaging orders, vendor and bank information and business invoices.

The May 9 “cyber event” has been the subject of speculation for weeks as the company works to recover its information and patients struggle to obtain prescriptions and schedule appointments. One patient worried about mammograms being lost in the hack said Norton told her that mammogram archives are still in the system but may not be available for comparison right now.

Kevin Kays said he’s run into issues getting things taken care of for his 13-year-old son, Byron.

“I’m trying to understand why there isn’t any communication, why they’re still having these issues,” Kays said, adding that he is considering changing health care providers. “Nobody has told me anything from Norton. No one has told me anything about what the problem was.”

Kays also worries his family’s personal information was released in the hack.

“If someone took the time to get in there, both of my children’s personal information is with Norton,” he said. “I don’t want to have their information used for identity theft or some kind of fraud.”

Several cyber security websites say a hacker group called BlackCat has claimed responsibility for the attack and leaked files as proof. Earlier this year, the U.S. Department of Health and Human Services released a presentation warning about BlackCat Ransomware and its threat to the health sector. HHS said BlackCat — which is relatively new and was first detected in November 2021 — has demanded ransoms as high as $1.5 million and uses what’s called “bulletproof hosting for their websites and a Bitcoin mixer” to make transactions anonymous.

In a recent public announcement, BlackCat — which is sometimes referred to as ALPHV — said Norton failed to protect confidential data, adding that the company is making false statements in the news.

“We have provided more than enough time to Norton’s Executive Board Members but they’ve failed to show bravery to protect privacy of their clients and employees,” the statement said.

Renee Murphy, a Norton spokeswoman, said in a written statement Thursday that they’ve been made aware that BlackCat claimed responsibility for the hack and that they continue to investigate and cooperate with law enforcement.

“The investigation into the May 9, 2023 cyber event is ongoing,” Murphy said. “Norton Healthcare is working with leading cyber security experts on this review and the FBI is involved. We are dedicating significant resources to assessing the impact of the incident. More information will be available upon the conclusion of the investigation.” In May, Norton said it “proactively” took down network systems after employees noticed suspicious activity and received a fax containing threats and demands.

A blue box on the home page of Norton’s website says the event “remains under investigation. We continue to bring systems back online and are closer to resuming all operations.”

Norton’s last update about the incident was posted May 24, nearly a month ago.

In the weeks following the attack, Norton acknowledged that patients were experiencing “long wait times” when trying to reach offices by phone as well as “delays in network-related capabilities” such as imaging, lab and test results, prescription fulfillment and messaging through MyChart, the system’s electronic medical records software.

Norton is a health care giant serving about 600,000 patients per year with about $4.7 billion in assets, including five hospitals and eight outpatient centers. The system also operates 18 urgent care clinics and 289 doctors’ offices. Norton brought in $3.6 billion in revenue in 2022.

Related Stories:

Copyright 2023 WDRB Media. All Rights Reserved.

If you have information about a story you think the WDRB Investigates Team should look into, you can email [email protected] or call the WDRB Investigates line at 502-322-1297.


Click Here For The Original Story From This Source.

National Cyber Security