Spotty shower possible.
Storms after midnight
Updated: April 16, 2024 @ 12:31 pm
Norton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to be tight-lipped about the May 9 data breach.
Anchor
Nearly six months after Norton Healthcare was the victim of a cyber attack that targeted people’s personal information, credit card numbers and medical history, patients and employees continue to face issues.
LOUISVILLE, Ky. (WDRB) — Nearly six months after Norton Healthcare was the victim of a cyber attack that targeted people’s personal information, credit card numbers and medical history, patients and employees continue to face issues.
Norton, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to be tight-lipped about the May 9 data breach, which it refers to as a “cyber event.” That breach has been the subject of speculation for months as the company works to recover its information and patients struggle to obtain prescriptions and schedule appointments.
“We were still the victim of a crime here,” said Renee Murphy, a spokeswoman for Norton.
One patient, who preferred to go only as Amanda, said she’s still worried about what’s to come.
“The biggest issue is the disruption to the continuity of care,” she said. “My husband and I both experienced that four days into the hack when … our doctors could not give us a reading on a scan he had done and that we needed results on.”
In response to a slew of recent questions, Murphy said there are “no updates to share at this time.”
A federal class action lawsuit was filed July 21 against Norton Healthcare on behalf of employees and patients whose personal information was stolen from Norton’s servers in a cyber attack earlier this year. Despite having knowledge of what Norton calls a “cyber event” on May 9, the lawsuit accuses the network of failing to notify the people affected or the state attorneys general offices in the affected areas.
A hacker group called BlackCat claimed responsibility for the attack and leaked files as proof. Employees’ names, social security numbers and birth dates as well as patients’ personal information, credit card numbers and medical history are contained in documents obtained by WDRB News and available publicly on the dark web, a corner of the internet accessible via specialized web browsers. They had not been redacted, and appear to be authentic.
The documents appear to show a large amount of Norton’s financial information, including operating accounts and payroll accounts with a balance of tens of millions of dollars, credit card information, confidentiality agreements, patient imaging orders, vendor and bank information and business invoices.
Amanda said the hack has caused several problems.
“After the visit, my husband’s Facebook account and that of 30 of his friends were hacked,” she said. “Bank accounts were hacked. I had to put fraud alerts on my bank accounts and I just believe our information was stolen in that hack.”
A Norton employee said several credit cards have been fraudulently opened in her name from her information being leaked on the dark web.
Employees said most internal systems are back to normal, but there has been some backlog. One said Norton hasn’t offered identity protection to them or any information about the hack.
“Screening mammograms, they didn’t even have a first available appointment until October,” Amanda said. “So I just had that done and then was told because they still don’t have enough radiologists because so many left during period of the hacking that basically it would take longer to get my results.”
FBI Louisville said it has nothing new to report about the hack.
“I would like for there to be some transparency,” Amanda said. “I would like for them to admit what happened and put it out there to be transparent with the community they serve.”
Norton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to be tight-lipped about the May 9 data breach.
Related Stories:
Copyright 2023 WDRB Media. All Rights Reserved.
If you have information about a story you think the WDRB Investigates Team should look into, you can email investigate@wdrb.com or call the WDRB Investigates line at 502-322-1297.
Anchor
{{description}}
Email notifications are only sent once a day, and only if there are new matching items.
Your browser is out of date and potentially vulnerable to security risks.
We recommend switching to one of the following browsers: