{"id":23581,"date":"2023-12-12T14:10:04","date_gmt":"2023-12-12T22:10:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/12\/12\/news-17311\/"},"modified":"2023-12-12T14:10:04","modified_gmt":"2023-12-12T22:10:04","slug":"news-17311","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/12\/12\/news-17311\/","title":{"rendered":"Healthcare giant Norton breach leads to theft of millions of patient records"},"content":{"rendered":"\n<p>Healthcare company Norton says a May breach led to the theft of data belonging to around 2.5 million of its patients, as well as employees and their dependents.<\/p>\n<p>Norton has more than 40 clinics and hospitals in and around Louisville, Kentucky. In\u00a0<a href=\"https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/0d29d7d3-48c2-4879-b6c7-32360396bd04.shtml\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">a filing with Maine\u2019s attorney general on Friday,<\/a>\u00a0Norton said that on May 9, 2023, it discovered an \u201cexternal system breach.\u201d While the attackers were in the system, Norton says, sensitive data belonging to patients, employees, and their dependents was accessed.<\/p>\n<p>In a <a href=\"https:\/\/nortonhealthcare.com\/news\/norton-healthcare-network-update\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">security incident notice<\/a>, as well as in the letter sent to potential victims, Norton said the attackers accessed certain network storage devices, but did not access Norton Healthcare\u2019s medical record system or Norton MyChart, its electronic medical record system.<\/p>\n<p>The leaked information included names, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers. 
Some people also had their\u00a0financial account numbers, driver\u2019s license or other government ID numbers, and digital signatures taken.<\/p>\n<p>While Norton never called the incident a ransomware attack, according to <a href=\"https:\/\/www.databreaches.net\/norton-healthcare-didnt-call-it-a-ransomware-attack-then-blackcat-claimed-responsibility-for-it\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">databreaches.net<\/a> the attack was claimed by ALPHV\/BlackCat. We could not confirm this, since at the time of writing, the ALPHV leak site is recovering from an <a href=\"https:\/\/twitter.com\/vxunderground\/status\/1733176911843541383\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">outage due to problems with their hosting provider<\/a>.<\/p>\n<p>Norton says it notified law enforcement about the attack and confirmed that it did not pay a ransom. ALPHV claims to have extracted 4.7 TB of data and posted dozens of files as proof to get negotiations underway.<\/p>\n<p>ALPHV is one of the most active ransomware-as-a-service (RaaS) operators and regularly appears in our\u00a0<a href=\"https:\/\/www.malwarebytes.com\/blog\/threat-intelligence\/2023\/11\/ransomware-review-november-2023\">monthly ransomware reviews<\/a>\u00a0as one of the top five most active groups. Recently they made headlines when one of their affiliates, known as\u00a0<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/11\/scattered-spider-ransomware-gang-falls-under-government-agency-scrutiny\">Scattered Spider<\/a>,\u00a0<a href=\"https:\/\/www.malwarebytes.com\/blog\/personal\/2023\/09\/ransomware-group-steps-up-issues-statement-over-mgm-resorts-compromise\">attacked MGM<\/a>. 
They also <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/11\/ransomware-gang-files-sec-complaint-about-target\">filed an SEC complaint about one of their victims<\/a>\u00a0for failing to disclose a breach.<\/p>\n<p>Our podcast host David Ruiz talked to ransomware expert Allan Liska about the reasons behind the SEC complaint.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-data-breach\">Data breach<\/h2>\n<p>There are some actions you can take if you are, or suspect you may have been, the <a href=\"https:\/\/www.malwarebytes.com\/blog\/personal\/2023\/09\/involved-in-a-data-breach-heres-what-you-need-to-know\">victim of a data breach<\/a>.<\/p>\n<ul>\n<li><strong>Check the vendor&#8217;s advice.<\/strong> Every breach is different, so check with the vendor to find out what&#8217;s happened, and follow any specific advice they offer.<\/li>\n<li><strong>Change your password.<\/strong> You can make a stolen password useless to thieves by changing it. Choose a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.malwarebytes.com\/computer\/how-to-create-a-strong-password\" target=\"_blank\">strong password<\/a>&nbsp;that you don&#8217;t use for anything else. Better yet, let a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.malwarebytes.com\/what-is-password-manager\" target=\"_blank\">password manager<\/a>&nbsp;choose one for you.<\/li>\n<li><strong>Enable two-factor authentication (2FA).<\/strong> If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\" target=\"_blank\">two-factor authentication (2FA)<\/a>&nbsp;can be phished just as easily as a password. 
2FA that relies on a FIDO2 device can\u2019t be phished.<\/li>\n<li><strong>Watch out for fake vendors.<\/strong> The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.<\/li>\n<li><strong>Take your time.<\/strong> Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.<\/li>\n<li><strong>Set up identity monitoring.<\/strong> <a href=\"https:\/\/www.malwarebytes.com\/identity-theft-protection\">Identity monitoring<\/a> alerts you if your personal information is found being traded illegally online, and helps you recover after.<\/li>\n<\/ul>\n
<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/12\/healthcare-giant-norton-breach-leads-to-theft-of-millions-of-patient-records\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Ransomware operator ALPHV\/Blackcat reportedly stole 2.5 million records from non-profit healthcare system Norton Healthcare <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[32,11523,3765],"class_list":["post-23581","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-news","tag-norton","tag-ransomware"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23581","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23581"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23581\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23581"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=
23581"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23581"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}