Cybersecurity Chronicles: Assessing Recent Healthcare and Water Utility Breaches

In a recent development, Norton Healthcare, a prominent healthcare organisation based in Kentucky, revealed that approximately 2.5 million individuals fell victim to a ransomware data extortion hack. 

The breach, which occurred on May 9, 2023, was identified promptly, with unauthorised access to specific network storage systems detected over two days.

Compromised Information

Norton Healthcare disclosed that the attackers successfully exfiltrated files containing personal information about current and former patients, employees, and their dependents. 

The compromised data encompasses names, contact details, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers. 

Moreover, some instances may involve sensitive information such as driver’s license numbers, government ID numbers, financial account details, and digital signatures.

Scope and Impact

While the notice did not specify the number of affected individuals, Norton Healthcare communicated to the Maine Attorney General’s Office that the personal information of 2.5 million individuals was compromised. 

The breach did not extend to the medical record system or the Norton MyChart application service, so access to critical patient data was preserved.

Resilience and Non-Payment of Ransom

Despite the severity of the breach, Norton Healthcare demonstrated resilience by refusing to meet the ransom demands imposed by the attackers. 

This strategic decision highlights a commitment to ethical principles and resilience against cyber threats.

And here we have a Culprit!

The BlackCat/Alphv ransomware group claimed responsibility for the incident shortly after its occurrence in May 2023. This group, identified by Cisco as the second most active ransomware group of the year, posed a significant threat. 

The situation escalated when the group threatened to leak around 4.7 terabytes of data allegedly stolen from Norton Healthcare.

A significant turn occurred on December 7, as the Tor-based BlackCat/Alphv leak site became inaccessible. This development, widely believed to be a law enforcement takedown operation, signifies a proactive response to curb cyber threats. 

It highlights the collaborative efforts to dismantle cybercriminal operations and protect sensitive information.

Cyber Assault on Irish Water Utility

In a recent incident reported by the local newspaper Western People, a small water utility in Ireland fell victim to a cyberattack last week. 

The attack disrupted the water supply for two days, affecting 180 people in Binghamstown and Drum.

Targeted Infrastructure

The hackers aimed their assault at a private group water scheme in the Erris area, focusing on a Eurotronics water pumping system. 

Technical details are scarce, but the hackers defaced the user interface with a message proclaiming the hack. The attackers posted an anti-Israel message, linking their actions to the system’s origin in Israel.

Potential Hacktivist Motivation

Considering the limited technical information available, it’s likely that self-proclaimed hacktivists took control of a vulnerable industrial control system (ICS). 

The water utility suggested that a less robust firewall facilitated the breach. Typically, hackers target internet-exposed programmable logic controllers (PLCs) or human-machine interfaces (HMIs) lacking adequate protection.

Global Context

This incident follows a warning from the US government about Cyber Av3ngers, a group targeting water facilities in the United States. 

Expert Insight

Juan Manuel Escaño, a systems engineering and automation professor at the University of Sevilla in Spain, verified on the ICS security forum SCADASEC that Unitronics products are utilized in the Irish water sector. 

His confirmation adds weight to the assessment of the targeted infrastructure. 

These cyber challenges are a constant reminder that resilience is what we need as a system.

Author: Marrium Akhtar

Date: December 12, 2023
