{
	"id": "d1d82d23-8521-47d0-9cfa-e192c96a608d",
	"created_at": "2026-04-06T01:28:51.270629Z",
	"updated_at": "2026-04-10T03:29:40.103967Z",
	"deleted_at": null,
	"sha1_hash": "e509dbbfd7e54e6efeab25e948d923a6e0cf023a",
	"title": "Norton Healthcare discloses data breach after May ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2691238,
	"plain_text": "Norton Healthcare discloses data breach after May ransomware attack\r\nBy Sergiu Gatlan\r\nPublished: 2023-12-08 · Archived: 2026-04-06 00:17:24 UTC\r\nKentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information\r\nbelonging to patients, employees, and dependents.\r\nNorton Healthcare serves adult and pediatric patients in more than 40 clinics and hospitals across Greater Louisville,\r\nSouthern Indiana, and the Commonwealth of Kentucky.\r\nWith over 20,000 employees, more than 1,750 employed medical providers, and over 3,000 total providers on its medical\r\nstaff, Norton Healthcare is Louisville's second-largest employer, with more than 140 locations throughout Greater Louisville\r\nand Southern Indiana.\r\nhttps://www.bleepingcomputer.com/news/security/norton-healthcare-discloses-data-breach-after-may-ransomware-attack/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/norton-healthcare-discloses-data-breach-after-may-ransomware-attack/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nRoughly 2.5 million individuals had their data exposed in the attack, according to breach notification letters sent to those\r\naffected by the data breach.\r\n\"On May 9, 2023, Norton Healthcare discovered that it was experiencing a cybersecurity incident, later determined to be a\r\nransomware attack,\" it said in a press release published on Friday.\r\n\"Norton Healthcare notified federal law enforcement and immediately began working with a respected forensic security\r\nprovider to investigate and terminate the unauthorized access.\r\n\"Our investigation determined that an unauthorized individual(s) gained access to certain network storage devices between\r\nMay 7, 2023, and May 9, 2023, but did not access Norton Healthcare's medical record system or Norton MyChart.\"\r\nThe attackers gained access to a wide range of sensitive information, including name, contact information, Social Security\r\nNumber, date of birth, health information, insurance information, and medical identification numbers.\r\nNorton Healthcare says that, for some individuals (likely employees), the exposed data may have also included financial\r\naccount numbers, driver's licenses or other government ID numbers, and digital signatures.\r\nPotentially affected individuals will receive two years of free credit protection services and additional information in breach\r\nnotification letters.\r\nRansomware attack claimed by BlackCat/ALPHV\r\nWhile Norton Healthcare didn't link the attack to a specific ransomware operation, the attack was claimed in late May by the\r\nALPHV (BlackCat) gang.\r\nThe attackers claimed in an entry added to their dark web leak site that they allegedly stole 4.7TB of data from the\r\nhealthcare system's compromised systems, as DataBreaches reported.\r\nThe ransomware gang also leaked dozens of files as proof of the breach and data exfiltration, containing some Norton\r\nHealthcare patients' Social Security numbers, bank statements, and more.\r\nBleepingComputer reported today that an ongoing outage affecting ALPHV's websites could be connected to a law\r\nenforcement operation.\r\nNorton Healthcare is just one of a long string of healthcare organizations in the United States that have fallen victim to\r\nransomware.\r\nFor instance, healthcare provider Ardent Health Services, which operates 30 hospitals across six U.S. states, also disclosed\r\nlast month that it was hit by a ransomware attack.\r\nSince last year, the U.S. government has issued multiple cautionary advisories regarding ransomware attacks targeting\r\nhealthcare institutions nationwide.\r\nOne such advisory came from the security team at the U.S. Department of Health and Human Services (HHS) about\r\nransomware operations like Royal, Venus, Maui, and Zeppelin targeting Healthcare and Public Health (HPH) organizations.\r\nIn October 2022, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and\r\nthe HHS notified hospitals about the Daixin Team cybercrime gang's active targeting of healthcare facilities in ransomware\r\nattacks.\r\nUpdate: Added info on the number of affected individuals.\r\nhttps://www.bleepingcomputer.com/news/security/norton-healthcare-discloses-data-breach-after-may-ransomware-attack/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/norton-healthcare-discloses-data-breach-after-may-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/norton-healthcare-discloses-data-breach-after-may-ransomware-attack/\r\nPage 4 of 4\n\nNorton Healthcare Southern Indiana, serves and the adult and pediatric Commonwealth of patients in more than Kentucky. 40 clinics and hospitals across Greater Louisville,\nWith over 20,000 employees, more than 1,750 employed medical providers, and over 3,000 total providers on its medical\nstaff, Norton Healthcare is Louisville's second-largest employer, with more than 140 locations throughout Greater Louisville\nand Southern Indiana.     \n   Page 1 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/norton-healthcare-discloses-data-breach-after-may-ransomware-attack/"
	],
	"report_names": [
		"norton-healthcare-discloses-data-breach-after-may-ransomware-attack"
	],
	"threat_actors": [
		{
			"id": "86ab2e9a-75b1-48af-8313-0a5ec1f7d12c",
			"created_at": "2023-12-03T02:00:05.154685Z",
			"updated_at": "2026-04-10T02:00:03.488062Z",
			"deleted_at": null,
			"main_name": "Daixin Team",
			"aliases": [],
			"source_name": "MISPGALAXY:Daixin Team",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775438931,
	"ts_updated_at": 1775791780,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e509dbbfd7e54e6efeab25e948d923a6e0cf023a.pdf",
		"text": "https://archive.orkl.eu/e509dbbfd7e54e6efeab25e948d923a6e0cf023a.txt",
		"img": "https://archive.orkl.eu/e509dbbfd7e54e6efeab25e948d923a6e0cf023a.jpg"
	}
}