The organization's systems got off with little blood, but this is not the case with patient and employee data.
A large network of clinics, Norton Healthcare, was subjected to a large-scale cyber attack, which resulted in data leakage of more than two million people. The organization, which includes dozens of clinics and hospitals in Kentucky and Indiana, recently announced a cybersecurity incident affecting its internal systems.
The incident was classified as a ransomware attack. The company said it informed the FBI in a timely manner, restored systems from secure backups, and did not pay a ransom.
Norton Healthcare, the third-largest private employer in the Louisville area, has more than 20,000 employees and over 1,750 doctors. The organization is represented in more than 140 locations in Louisville and Southern Indiana.
In a statement filed with the Maine Attorney General's Office on Friday , Norton said that the sensitive data of approximately 2.5 million people became available to third parties during the May ransomware attack.
In a letter sent to the victims, the nonprofit organization said that hackers had access to "certain network storage devices between May 7 and May 9," but did not have access to the medical documentation system of Norton Healthcare.
However, the attackers gained access to the personal data of current and former patients, employees, as well as their dependents and beneficiaries. The stolen data included names, contact information, dates of birth, social security numbers, medical information, insurance details, and medical identification numbers.
In addition, driver's license or other government ID numbers, financial account numbers, and digital signatures were stolen.
Norton offered victims free credit monitoring for two years, as well as a range of anti-identity theft services.
A large network of clinics, Norton Healthcare, was subjected to a large-scale cyber attack, which resulted in data leakage of more than two million people. The organization, which includes dozens of clinics and hospitals in Kentucky and Indiana, recently announced a cybersecurity incident affecting its internal systems.
The incident was classified as a ransomware attack. The company said it informed the FBI in a timely manner, restored systems from secure backups, and did not pay a ransom.
Norton Healthcare, the third-largest private employer in the Louisville area, has more than 20,000 employees and over 1,750 doctors. The organization is represented in more than 140 locations in Louisville and Southern Indiana.
In a statement filed with the Maine Attorney General's Office on Friday , Norton said that the sensitive data of approximately 2.5 million people became available to third parties during the May ransomware attack.
In a letter sent to the victims, the nonprofit organization said that hackers had access to "certain network storage devices between May 7 and May 9," but did not have access to the medical documentation system of Norton Healthcare.
However, the attackers gained access to the personal data of current and former patients, employees, as well as their dependents and beneficiaries. The stolen data included names, contact information, dates of birth, social security numbers, medical information, insurance details, and medical identification numbers.
In addition, driver's license or other government ID numbers, financial account numbers, and digital signatures were stolen.
Norton offered victims free credit monitoring for two years, as well as a range of anti-identity theft services.
