Cyber Breach

BlackCat Hackers Claim Responsibility for Norton Heath Hack

Marty Tatro
by November 22, 2023
Short on time? Listen instead.

On May 9th of this year, a hacker group named BlackCat claimed responsibility for a destructive attack against Norton Healthcare of Kentucky and Indiana. The attack caused Norton Healthcare to shut off Internet connection to their servers.

Who is BlackCat?

BlackCat is a relatively new player in the ransomware and malware threat landscape, detected in late 2021. This does not make them any less of a threat, as they have been quite busy since then.

BlackCat provides malware applications to those willing to pay and who have an interest in using the software to breach others’ networks and systems, but they also conduct their own attacks. With ransom demands escalating to over 1 million dollars, this is not a group to ignore.

This group has been busy since their discovery, with over 60 known victims and likely many more that haven’t reported them or provided enough details to attribute the attacks against them to any one group.

Some of the victims of BlackCat are:

  • German oil companies
  • Western Digital
  • Italian energy
  • Governments
  • And more

With a long list of targets successfully compromised and data exfiltrated, all in a little over one and a half years, BlackCat appears to be an up-and-coming threat worldwide. It also seems that many of their victims are based in the US, topping out at almost 300 targets.

BlackCat also appears to be target-agnostic. They have struck out at technology, energy, transportation, food and beverage, and other industries.

For those of us working to defend the smaller and more vulnerable companies and organizations, it is a worry that over 50% of the targets were small. 

What Happened?

In this particular attack, BlackCat assaulted the online services and patient data stored on Norton Healthcare’s servers and systems. When employees noticed the activity and received a fax with threats and demands, they notified company personnel in charge of cybersecurity. 

At this time, it doesn’t appear that there is any publicly available information on whose data has been compromised, if any, and to what extent. It is known that patients are being warned through the company’s online portal and website about the attack, as well as the effects caused by it. Those effects may include:

  • Changes in scheduling and check-in procedures
    • Norton uses MyChart, provided by Epic Systems, for patient access to their digital records and communication with their medical provider.
  • Norton has asked that patients call for many services instead of using online resources.
  • Notification that Norton is still working on the issues and has engaged third-party assistance in this endeavor. 

Currently, no notification is listed on the US Department of Health and Human Services, Office for Civil Rights (HHS-OCR) breach notification page. This is likely due to the ongoing internal investigation and potentially because the number of persons affected is unknown. 

This type of breach can be devastating for a healthcare provider or their business associates.

With the loss of connection to patient data, Doctors affiliated with Norton are having a much more difficult time promptly providing services, including surgery, to their patients.

Privacy Violations Suit

Medications and prescribed medical devices or supplies may not be provided when needed, as prescriptions and orders for these items also reside within the Norton network.

Further details are not yet available, but Norton Healthcare’s network of hospitals and clinics is also affected by this breach.

How will this Affect You?

If you are in a small or medium-sized organization, then this particular attack group is a potential threat. Many groups in that category have few, if any, IT or cybersecurity personnel on hand and may have few defenses in place to protect themselves. This gives hackers like BlackCat an avenue into your networks and systems, and they will take advantage of that door if they find it. 

If you are personally or professionally affiliated with Norton Healthcare, then it is likely that you have already been informed about this breach and your next steps, if any. There may be ways that you can increase your security until such time that Norton can come back entirely online, allowing you to continue business even if hobbled by restricted access to data and your clients.

If you are a client of Norton or their affiliates, you may receive a notification that your information was compromised. Take this notification seriously, and if it is offered, use the personal information protection and monitoring that will likely be included in the notification. In the meantime, keep an eye on your medical records and information and your financial accounts that may be connected to Norton’s systems. 

What should you do?

Be proactive and protect yourself and your financial, personal, and medical data. All of this data is valuable to some extent to malcontents and thieves around the world. 

Assessing your Cybersecurity Posture

f you are a client or affiliate of Norton, contact them and ask about your data. This is normal, and expected, so there should be no problem finding out whether it has been determined that it has been compromised or not. They may ask you to use a different number or contact method specifically set up for this breach.

You may also want to consider taking out insurance for yourself or your business as a protection in case of breach or loss of your information, theft, financial fraud, and other misuses or natural disasters.

Be aware of the changing threat landscape, who the threats are, and who they are attacking. Knowledge is a huge lever in protecting yourself and your business.

Northstarr Recommendations 

  • Invest in Cybersecurity Professionals: Engage the services of skilled IT and cybersecurity professionals to adequately secure, maintain, and monitor your systems, networks, and data.
  • Data Categorization: Clearly define and categorize your data to apply appropriate security measures. High-risk or sensitive data will require advanced protection mechanisms.
  • Establish Clear Policies and Procedures: Develop and implement detailed security policies and procedures for handling data. This includes access controls, data processing, storage, transmission methods, and incident response plans.
  • Continuous Employee Training: Conduct regular training on security measures and company policies for all personnel. This can significantly reduce the risk of a security breach due to human error or ignorance.
  • Annual Security Reviews: Perform at least annual reviews of your security policies, procedures, and training to ensure they are up-to-date and effective. In addition, conduct periodic security audits to identify potential vulnerabilities or gaps in your security infrastructure.
  • Third-Party Security Obligations: If your business involves third-party personnel or affiliates requiring access to your data or systems, ensure they are aware of and adhere to your security policies and practices. Consider making this a contractual obligation to ensure data safety.

To find out more about how we can help, visit our website to set up an appointment.  We look forward to meeting with you!