Free1970 - stock.adobe.com

KY Health System Suffers Cyber Incident

Norton Healthcare is actively responding to a cyber incident that occurred on May 9 and began with a faxed communication from threat actors.

Kentucky-based Norton Healthcare is responding to and recovering from a cyber incident that began on May 9 and led to longer phone wait times and delays in network-related capabilities. The health system’s initial notice stated that its information services team noticed suspicious network activity on May 9 and also received a faxed communication containing demands and threats.

“While network systems were still operational, our cyber-security experts immediately and proactively took our network offline to further protect our systems. Then a thorough analysis of our network began,” a May 11 update stated.

“Within days, we learned that Norton Healthcare was the victim of a cyber-event and we contacted the FBI. Our CEO and entire leadership team have been dedicated to getting answers, restoring the network and working diligently to support our teams. This investigation is ongoing and we are dedicating significant resources to get answers.”

On May 22, the health system said that it was working as quickly as possible to bring systems back online and get test and imaging results to patients. As of May 24, Norton Healthcare said that it is continuing to “bring systems back online and are closer to resuming all operations.”

Specifically, the health system directed patients to reach out to their provider’s office directly for questions about scheduled procedures and exams.

“Norton Healthcare is working with third party specialists to carefully examine and safely restore all network applications following the cyber event,” the update concluded. “This process is a time consuming but critical part of the restoration process. We appreciate your patience as the investigation continues.”

Harvard Pilgrim Health Care Sheds Light on Point32Health Ransomware Attack

Harvard Pilgrim Health Care issued an official breach notice following a ransomware attack against its parent company, Point32Health. As previously reported, Point32Health suffered a ransomware attack on between March 28 and April 17 that impacted systems that support Harvard Pilgrim Health Care commercial and Medicare Advantage Stride℠ plans (HMO)/(HMO-POS).

Despite having the same parent company, Tufts Medicare Preferred, Tufts Health Public Plans, CarePartners of Connecticut and Tufts Health Plan remained unimpacted.

Harvard Pilgrim’s notice stated that the threat actor may have copied and taken data from its systems, including names addresses, health insurance account information, Social Security numbers, clinical information, phone numbers, dates of birth, and provider taxpayer identification numbers belonging to current and former subscribers, dependents, and contracted providers.

“In response to this incident, Harvard Pilgrim is taking steps to implement additional data security enhancements and safeguards to better protect against similar events in the future,” the notice stated. “Harvard Pilgrim is, and has always been, committed to prioritizing the security of the data entrusted to it.”

Next Steps

Dig Deeper on Healthcare data breaches