Norton Healthcare has six hospitals in Kentucky and one in Indiana. Since May 9, they have been working on recovering from a cyberattack. They don’t call it a ransomware attack but if they received faxed threats and demands as they state in their update, it was likely either a ransomware attack or someone skipped the malware and just exfiltrated data and then made extortion demands.
Here are some details that Norton Healthcare has provided in their update yesterday:
- The attack was noticed on May 9.
- A fax was also received that day containing “threats and demands.”
- Although network systems were still operational, they were taken offline proactively.
“Within days,” they write, “we learned that Norton Healthcare was the victim of a cyber-event and we contacted the FBI.” Of note, they also claim that their network was never out of their control and that patient care continues. “Caregivers follow established procedures when systems are offline. They may have to utilize manual processes and paper, but they are working hard to ensure patients receive the care they need,” the update states.
What they don’t say is whether there have been further communications from the attacker(s) that indicates how much patient data was exfiltrated, if it was. Norton claims that they can’t tell us some things because it is an active investigation.
No ransomware group has seemed to claim responsibility for the attack, but if the attack and first contact to Norton was on May 9, the attackers may not be posting anything yet because they are hoping Norton will negotiate with them. Time will tell.