LOUISVILLE, Ky. (WDRB) -- Seven months after a cyber attack targeted people's personal information, credit card numbers and medical history, Norton Healthcare said their investigation found neither the company's medical record system or its MyChart system were accessed.

Patients and employees were left facing the issues brought by the attack on May 7 to May 9, 2023 with little explanation from Norton as officials remained tight-lipped about the data breach it had been calling a "cyber event."

Friday, Norton called the breach a "ransomware attack" for the first time since it happened. The company said it notified federal law enforcement officials and began "working with a respected forensic security provider to investigate and terminate the unauthorized access."

The investigation found that "an unauthorized individual(s) gained access to certain network storage devices" between May 7-9 but "did not access Norton Healthcare's medical record system or Norton MyChart."

Norton said the "nature and scope of" the incident "required time to analyze, a process that was substantially completed in mid-November."

Files that were impacted included personal information "primarily" about patients, employees and dependents, the company said. Impacted information varied from person-to-person, and may have included: name, contact information, Social Security Number, date of birth, health information, insurance information, and medical identification numbers, Norton said. Driver's license numbers and other government ID numbers, financial account numbers or digital signatures may have also been included in the data.

Moving forward, Norton said it was working with external cybersecurity experts and federal law enforcement to "terminate the unauthorized access" and is "further enhancing its security safeguards."

"Individuals whose information may have been impacted can sign up for two years of credit monitoring by following the instructions in written notification letters that are being mailed," Norton said, encouraging those impacted to "remain vigilant and continue reviewing account statements for unusual activity."

Those with questions can call Norton at (866)-983-5764 between 8 a.m. and 5:30 p.m. Monday through Friday.

Norton serves about 600,000 patients a year with nearly $5 billion in assets. The breach has been the subject of speculation for months as the company worked to recover its information and patients struggled to obtain prescriptions and schedule appointments.

A federal class action lawsuit was filed July 21 against Norton Healthcare on behalf of employees and patients whose personal information was stolen from Norton's servers in a cyber attack earlier this year. Despite having knowledge of the May 9 incident, the lawsuit accuses the network of failing to notify the people affected or the state attorneys general offices in the affected areas. 

A hacker group called BlackCat claimed responsibility for the attack and leaked files as proof.  Employees' names, social security numbers and birth dates as well as patients' personal information, credit card numbers and medical history are contained in documents obtained by WDRB News and available publicly on the dark web, a corner of the internet accessible via specialized web browsers. They had not been redacted, and appear to be authentic.

The documents appeared to show a large amount of Norton's financial information, including operating accounts and payroll accounts with a balance of tens of millions of dollars, credit card information, confidentiality agreements, patient imaging orders, vendor and bank information and business invoices.

In November, some Norton employees said most internal systems were back to normal but with some backlog. 

This story may be updated.

Related Stories:

Copyright 2023 WDRB Media. All Rights Reserved.