Norton Healthcare took its computer systems offline after detecting suspicious activity on May 9. Spokesperson Renee Murphy said they’ve been reviewing each of those network applications before bringing it back online.
That’s an extensive process and will take more time to complete. Meanwhile, Murphy said some patients’ medical procedures may continue to be rescheduled.
“Any urgent and emergent issues are being addressed and we encourage patients to reach out to their provider as needed,” she told LPM News in a statement Wednesday. “We ask the community’s patience as we continue to work toward full network restoration.”
When the initial cybersecurity problem arose, Murphy said they received a communication making demands. They now believe those demands came from a ransomware group.
“As this matter is under investigation, we are unable to share specifics of the message,” Murphy said in Wednesday’s statement. “We understand the community has many questions. We are working as quickly as we can to provide the information we are able.”
LPM News asked the FBI’s Louisville office about the situation, and a spokesperson declined to comment.
Ransomware involves “taking your data hostage and expecting you to make a payment, usually in cryptocurrencies,” said Roman Yampolskiy, an associate professor of computer science at the University of Louisville.
Attackers might steal personal data and threaten to release it, or they might encrypt data so an organization can’t access it unless they pay the ransom, Yampolskiy said.
“Any big organization is subject to this type of attack,” he said.
LPM News asked Norton officials if they’d confirmed whether patient or employee data was compromised or stolen in the cybersecurity incident last month.
They did not directly answer that particular question in their response, though the statement did answer other questions LPM News sent.
Hannah Neprash, an assistant professor of health economics at the University of Minnesota School of Public Health, recently researched ransomware attacks on health care providers. Her team found such attacks more than doubled between 2016 and 2021.
They identified 374 attacks during that time frame, but she expects there were more that flew under the public radar.
The number of people whose personal information was exposed by those attacks increased elevenfold, said Neprash. Nearly 42 million patients’ personal information was potentially exposed by a ransomware attack over that six-year period.
Neprash said it’s “very common” for health care organizations to take their systems offline when they get hit by ransomware, like Norton did. And it isn’t unusual for that network disruption to last several weeks.
“We find that almost half of these attacks result in some sort of disruption to operations, and the most common disruption is electronic system downtime,” she said.
“When you switch everybody from an electronic health record to paper backups, that’s a huge shift,” Neprash said, as an example of how these tech issues can affect a hospital. “It’s a big change to the workflow.”
Norton providers have still been seeing patients since this situation started last month. Its technological issues have had impacts, though, including rescheduled medical procedures and delays in providing patients with the results of their medical imaging scans.
“The big open question is what happens to patients when there are these disruptions,” Neprash said. “And it’s not hard to imagine that there are ways patients could be harmed.”