Norton Healthcare Facing Class Action Lawsuit Over BlackCat Cyberattack
Norton Healthcare, a Kentucky-based operator of more than 140 clinics and hospitals in Kentucky and Southern Indiana, is facing a class action lawsuit over a May 2023 cyberattack and data breach. Norton Healthcare has only disclosed limited information about the attack; however, the BlackCat ransomware group announced that it was behind the cyberattack and leaked some of the data stolen from Norton Healthcare on its data leak site. The stolen information included names, addresses, email addresses, dates of birth, Social Security numbers, government identification ID numbers, driver’s license numbers, payment/financial institution information, health insurance providers, medical treatment information, medical diagnoses, medications, medical images, and lab test results. The breach was reported to the HHS’ Office for Civil Rights as affecting 501 individuals, as the number of affected individuals has yet to be determined.
On July 21, 2023, a class action lawsuit was filed in U.S. District Court on behalf of plaintiff Lanisha Malone and similarly situated individuals who had their sensitive data stolen in the attack. Malone was employed by Norton Healthcare between 2015 and 2022 and claims her sensitive information was stolen and attempts have already been made to misuse that information. Malone was contacted by her bank in relation to a suspicious $1,500 charge on her debit card, which was blocked by her bank, but she has also received multiple letters and phone calls about car payments that she does not owe. She claims to spend two hours each week monitoring her accounts and credit reports for suspicious activity and said the attempted fraud has caused her great anxiety and stress due to fears about her personal and financial safety.
Despite the attack occurring on May 9, Malone claims not to have been notified by Norton Healthcare about the data breach and that Norton Healthcare has not provided any explanation as to why notification letters have not been issued to any of the victims. Norton Healthcare’s website notification says the investigation is ongoing and that it is close to restoring all operations.
The lawsuit seeks class action status, a jury trial, compensatory damages, and an order from the courts requiring Norton Healthcare to issue notifications to all affected individuals and update its security solutions to better protect patient data. The lawsuit also seeks 10 years of credit monitoring services for all victims of the breach.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy