Kentucky Health System Confirms Ransomware Attack Impacting 2.5M Individuals

December 11, 2023 - Kentucky-based Norton Healthcare confirmed that a May 2023 ransomware attack on the health system impacted 2.5 million individuals, according to a report filed with the Maine Attorney General’s Office.

As previously reported, Norton Healthcare suffered a cyberattack on May 9 that led to longer phone wait times and delays in network-related capabilities. The health system’s initial notice stated that it had received a faxed communication from threat actors containing demands and threats.

Norton Healthcare immediately notified the Federal Bureau of Investigation (FBI) and launched an investigation, later determining that the threat actors had accessed certain network storage devices between May 7 and May 9.

Norton Healthcare’s medical record system and MyChart were not impacted by the attack.

From May to November, the health system worked to review the impacted files and determine the impact of the ransomware attack.

“By mid-November, Norton Healthcare concluded, based on the data available to it, and out of an abundance of caution, that it would be most efficient to notify current (as of May 10, 2023) and former patients, employees, as well as employee dependents and beneficiaries of this incident,” the health system stated.

The impacted files contained names, contact information, dates of birth, Social Security numbers, health information, insurance information, and medical identification numbers, as well as some financial account numbers, digital signatures, and driver’s license numbers.

“Norton Healthcare began restoring its systems from secure backups on May 10, 2023. To date, Norton Healthcare has not detected any additional indicators of compromise as its networks have been restored. Norton Healthcare is also enhancing its security safeguards,” the notice concluded.

Pan-American Life Insurance Group Suffers Data Breach From MOVEit Hack

Pan-American Life Insurance Group (PALIG), a provider of life, accident, and health insurance throughout the Americas, disclosed a breach that stemmed from the Progress Software MOVEit Transfer hack. As previously reported, many organizations were impacted by the MOVEit hack. MOVEit disclosed the vulnerability on May 31 and issued a patch on the same day. 

PALIG filed two breach reports with HHS, one of which states that the breach impacted 105,387 individuals. The other notice, filed on the same day, states that the breach impacted 94,807 individuals.

“ALIG immediately ceased using MOVEit Transfer, disabled it in its system and, once available from Progress Software, successfully deployed all security patches within PALIG’s environment,” the breach notice stated.

“PALIG has been taking steps to further protect and strengthen the security of its systems. PALIG also engaged third-party cyber experts to partner with its team to launch an investigation to better understand what happened and to help prevent a similar incident in the future.”

Further investigation determined that threat actors were able to take files through PALIG’s use of the MOVEit Transfer software. The files contained names, addresses, Social Security numbers, subscriber numbers, biometric data, contact information, medical benefits information, and financial account information.

“PALIG takes the privacy and security of client information very seriously and carefully evaluates the cybersecurity posture of third-party software,” the notice continued. “PALIG will continue this effort, and it is also taking steps to further secure its use of all third-party transfer tools.”