Lower Your Healthcare Organization's Profile As A Ransomware Target

In May 2023, a ransomware and data theft attack attributed to the Alphv/BlackCat group targeted Norton Healthcare, which operates multiple hospitals and care facilities in Kentucky and Indiana. The attack exposed the personal and protected health information of nearly 2.5 million current and former patients and employees.

In response, suits alleging negligence and failure to protect sensitive data were filed in both state and federal courts.

Norton Healthcare subsequently agreed to a proposed $11 million settlement that provides: reimbursement of unreimbursed out-of-pocket losses up to $2,500 per victim; up to $80 per victim for documented lost time, at $20 per hour; a minimum $5 cash payment per claimant; and three years of medical account monitoring services for eligible individuals notified of the breach.

Source: https://www.govinfosecurity.com/norton-healthcare-to-pay-11m-to-settle-blackcat-lawsuit-a-30788

Commentary

In the Norton Healthcare BlackCat incident, ransomware was the type of malware that led to the loss. Below are some cybersecurity best practices for healthcare organizations that lower your organization's exposure to malware, including ransomware:

  • Conduct regular security risk assessments to identify and address vulnerabilities within systems and processes
  • Implement strict access controls based on the principle of least privilege, ensuring employees and participants can access only necessary data
  • Enforce multi-factor authentication to add an additional layer of security beyond passwords
  • Encrypt sensitive data both at rest and in transit to protect information from unauthorized access
  • Segment networks to limit lateral movement of attackers and contain potential breaches
  • Provide ongoing employee training on phishing, social engineering, password hygiene, and data management best practices
  • Conduct simulated phishing exercises to reinforce employee vigilance and identify areas needing further training
  • Deploy continuous monitoring and threat detection systems that analyze behavior and network activity for anomalies
  • Establish and routinely test an incident response plan to ensure swift containment, mitigation, and regulatory compliance
  • Perform thorough due diligence on third-party vendors, enforcing strict contractual security requirements and regular compliance audits
  • Maintain up-to-date patching and system updates to close known vulnerabilities promptly
  • Implement secure mobile device management solutions to enforce security policies on mobile access points
  • Use firewalls, antivirus, and intrusion detection/prevention systems to proactively block unauthorized access and malware
  • Integrate advanced detection technologies such as behavioral data loss prevention and AI-driven monitoring tools
  • Develop clear data disposal protocols for secure destruction of electronic and physical patient records beyond retention periods

The final takeaway is that investing in proactive security measures and testing response plans, along with documented progress in compliance, helps minimize the chances of a breach.
