LOUISVILLE, Ky. (WDRB) — People who accept free credit monitoring and fraud prevention from Norton Healthcare aren’t sacrificing anything in exchange, according to both the nonprofit healthcare giant and one of the attorneys suing Norton over the May 2023 data breach.
About 2.5 million people potentially impacted by the breach began receiving letters from Norton this month with an offer of two years of credit monitoring and fraud prevention from the provider Kroll.
Some wondered whether accepting the assistance may affect their ability to recover anything from Norton later, as several lawsuits seeking class-action status have been filed over the breach.
But no strings are attached, according to Norton.
That was confirmed by Gerard Stranch, one of the lead attorneys in a Jefferson Circuit Court case that is emerging as the lead class-action lawsuit. Stranch said he advises people to sign up for the free service from Kroll.
“It gives people extra professional help in monitoring their credit to try and catch any threat actors or bad actors that have their data that are using it,” Stranch told WDRB News on Thursday.
Norton experienced a ransomware attack on May 7-9, 2023. A hacker group known as BlackCat claimed responsibility a few weeks later, saying it was demanding payment from Norton not to release the information on the dark web.
Norton did not pay the hacker group, the hospital company has said. The incident hobbled Norton’s operations for several weeks — taking down electronic scheduling and prescription refills — but the system has since recovered.
In the Dec. 8 letter to victims, Norton says information that could have been released includes names, contact information, Social Security numbers, dates of birth, health information, insurance information, and medical identification numbers.
The compromised data may have also included driver’s license numbers or other government ID numbers, financial account numbers and digital signatures, according to the letter.
Stranch said he also recommends that people take advantage of their right to pull their file from credit reporting bureaus and check “if there’s anything on there that they don't recognize.”
Same goes for insurance “explanation of benefits” statements, he said.
“There’s all sorts of ways in which this data can be used; it can harm someone and so it’s important now that these people know their data is in the hands of bad actors, that they need to take steps to protect themselves,” Stranch said.
