LOUISVILLE, Ky. (WDRB) -- About 2.5 million current and former patients and employees of Louisville-based Norton Healthcare have begun receiving letters in the mail notifying them that hackers may have accessed their confidential information in a data breach last spring.
The nonprofit health care giant is offering two years of identity monitoring services to those receiving the letters.
At the same time, Norton faces mounting lawsuits seeking class-action status over the incident.
Three suits have already been combined into a single case in Jefferson Circuit Court, while another lawsuit was filed last week in U.S. District Court in Louisville by a person who received one of the Norton letters.
Norton has asked the judge in the state court case to throw out the lawsuit, saying the plaintiffs haven’t shown that they were actually injured by the data breach.
In the Dec. 8 letter, Norton said it experienced a ransomware attack on May 7-9, 2023. A hacker group known as BlackCat claimed responsibility a few weeks later, saying it was demanding payment from Norton not to release the information on the dark web.
Norton did not pay the hacker group, the hospital company has said. The incident hobbled Norton’s operations for several weeks — taking down electronic scheduling and prescription refills — but the system has since recovered.
The Louisville health care giant is offering ID monitoring to about 2.5 million people whose information may have been exposed
In the letter to victims, Norton says information that could have been released includes names, contact information, Social Security numbers, dates of birth, health information, insurance information, and medical identification numbers.
The compromised data may have also included driver’s license numbers or other government ID numbers, financial account numbers and digital signatures, according to the letter.
Norton is offering those who received the letters two years of identity monitoring services from Kroll Information Assurance, LLC at no cost.
The Kroll service includes "credit monitoring, fraud consultation and identify theft restoration services," according to the letter.
Neither Norton, Kroll nor attorneys for the plaintiffs who have sued Norton responded to interview requests on Tuesday.
A Norton spokeswoman said people with questions about the data breach can call 866-983-5764.
Related Stories:
- Second class action lawsuit filed against Norton Healthcare questioning security in data breach
- After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack
- Federal class action lawsuit filed on behalf of victims affected by Norton Healthcare data breach
- Norton Healthcare cyber attack highlights record year for data breaches nationwide
