© 2024 Louisville Public Media

Public Files:
89.3 WFPL · 90.5 WUOL-FM · 91.9 WFPK

For assistance accessing our public files, please contact info@lpm.org or call 502-814-6500
89.3 WFPL News | 90.5 WUOL Classical 91.9 WFPK Music | KyCIR Investigations
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations
Stream: News Music Classical

Norton Healthcare says 2.5 million people affected by ransomware attack in May

A computer keyboard is shown in dark, bluish lighting.
Wikimedia
Norton Healthcare said it recently finished an investigation into May's cyberattack.

Seven months after Norton Healthcare detected suspicious activity and temporarily took its computer systems offline, the organization publicly confirmed it was a ransomware attack.

In a notice on its website, Norton said the “impacted files contained personal information, primarily about patients, employees, and dependents.”

A separate document Norton filed with the Maine Attorney General details the scope of the attack. It says 2.5 million people, including 385 Maine residents, were affected by the data breach.

A related notice says Norton did not make a ransom payment.

Back when the breach happened in May, Norton said it had taken computer systems offline and notified law enforcement after its security team received a suspicious communication.

The gradual process of reviewing and then bringing each of those systems back online caused delays for patients in scheduling medical procedures and getting the results of medical imaging scans.

In its December notice, Norton said it “worked with external cybersecurity experts and federal law enforcement to terminate the unauthorized access” and is enhancing its “security safeguards.”

Norton also conducted an investigation that it said was recently finished.

“The nature and scope of the incident required time to analyze, a process that was substantially completed in mid-November,” Norton said.

The Louisville-based organization said its investigation determined the ransomware attack “gained access to certain network storage devices” between May 7 and May 9, but there’s no evidence the attack accessed Norton’s medical record system or MyChart system.

“The information that may have been impacted varied from person-to-person, but could have included: name, contact information, Social Security Number, date of birth, health information, insurance information, and medical identification numbers,” Norton said. “ In some instances, the data may also have included driver’s license numbers or other government ID numbers, financial account numbers, and digital signatures.”

Norton said people affected by the breach can sign up for two years of free credit monitoring. Information on that is included in letters the organization is sending out.

Anyone with questions and concerns can call Norton at 866-983-5764.

Morgan is LPM's health reporter. Email Morgan at mwatkins@lpm.org.