The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Norton Healthcare Facing Class Action Lawsuit Over BlackCat Cyberattack

Norton Healthcare, a Kentucky-based operator of more than 140 clinics and hospitals in Kentucky and Southern Indiana, is facing a class action lawsuit over a May 2023 cyberattack and data breach. Norton Healthcare has only disclosed limited information about the attack; however, the BlackCat ransomware group announced that it was behind the cyberattack and leaked some of the data stolen from Norton Healthcare on its data leak site. The stolen information included names, addresses, email addresses, dates of birth, Social Security numbers, government identification numbers, driver’s license numbers, payment/financial institution information, health insurance providers, medical treatment information, medical diagnoses, medications, medical images, and lab test results. The breach was reported to the HHS’ Office for Civil Rights as affecting 501 individuals, as the number of affected individuals has yet to be determined.

On July 21, 2023, a class action lawsuit was filed in U.S. District Court on behalf of plaintiff Lanisha Malone and similarly situated individuals who had their sensitive data stolen in the attack. Malone was employed by Norton Healthcare between 2015 and 2022 and claims that her sensitive information was stolen and that attempts have already been made to misuse it. Malone was contacted by her bank about a suspicious $1,500 charge on her debit card, which the bank blocked, and she has also received multiple letters and phone calls about car payments that she does not owe. She claims to spend two hours each week monitoring her accounts and credit reports for suspicious activity and said the attempted fraud has caused her great anxiety and stress due to fears about her personal and financial safety.

Despite the attack occurring on May 9, Malone claims that she has not been notified by Norton Healthcare about the data breach and that Norton Healthcare has not provided any explanation as to why notification letters have not been issued to any of the victims. Norton Healthcare’s website notification says the investigation is ongoing and that it is close to restoring all operations.

The lawsuit seeks class action status, a jury trial, compensatory damages, and an order from the courts requiring Norton Healthcare to issue notifications to all affected individuals and update its security solutions to better protect patient data. The lawsuit also seeks 10 years of credit monitoring services for all victims of the breach.


Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
