Data from millions of patients stolen in US ransomware attack

12 Dec 2023

Image: © Maksim Kabakou/

The breach has impacted up to 2.5m individuals and includes personal data such as names, financial account numbers and digital signatures in some cases.

A ransomware attack on the non-profit healthcare system Norton Healthcare has resulted in the theft of a vast amount of data.

The healthcare provider shared details about the breach to the Office of the Maine Attorney General, which occurred during a ransomware attack in May. Norton Healthcare said its initial investigation suggested that no data was accessed during this attack.

But after a “time-consuming” investigation, Norton has since revealed that the data of up to 2.5m patients has been affected by a data breach. In a letter sent to affected individuals, the company said these stolen files contain personal information about patients, employees and dependents.

The data that was stolen is different in each case, but the healthcare provider said it could include names, contact information, social security numbers, health information, insurance information and medical identification numbers.

“In some instances, the data may also have included driver’s licence numbers or other government ID numbers, financial account numbers and digital signatures,” Norton Healthcare said in the letter.

James McQuiggan, a security awareness advocate at KnowBe4, said organisations need to ensure that critical data such as personally identifiable information is protected with “robust identity access management solutions and multifactor authentication”.

“There already have been HIPAA [Health Insurance Portability and Accountability Act] fines due to a medical organisation falling victim to phishing attacks and not protecting sensitive data,” McQuiggan said.

“Suppose organisations feel they will not be attacked because they think they’re too small to attack. In that case, cybercriminals love to target the smaller ones because they know they’re easy to socially engineer, access the network and steal the data to sell or use to target more attacks on the patients.”

Cybercriminals are known to target critical infrastructure in order to increase the pressure of their attacks and have their ransom demands met. Some critical sectors also contain sensitive or valuable data.

As a result, healthcare is a constant target for cyberattacks. For example, Ireland’s Health Service Executive was hit with a massive cyberattack two years ago. This left hospitals and other HSE services without access to electronic health records, while stolen data was leaked to the dark web.

Earlier this year, Cork cybersecurity company Smarttech247 reported a surge in attempted cyberattacks on Irish healthcare and urged Government to address the risk.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic