Norton Healthcare, Inc. Experiences Ransomware Attack


On May 9, 2023, Norton Healthcare, Inc. (“Norton Healthcare”), a not for profit health system with eight hospitals in Kentucky and Indiana, learned it was the victim of a cybersecurity incident, later determined to be a ransomware attack. Norton Healthcare notified federal law enforcement and immediately began working with a respected forensic security provider to investigate and terminate the unauthorized access. Our multi-month investigation concluded that unauthorized access to certain network storage devices occurred between May 7, 2023 and May 9, 2023. We have no evidence that the unauthorized individual(s) gained access to Norton Healthcare’s medical record system or Norton MyChart. Norton Healthcare is in the process of mailing letters to those individuals who may have been impacted by the incident and for whom Norton Healthcare had a mailing address. 

Norton Healthcare takes safeguarding personal information seriously. Individuals whose information may have been impacted will be offered two years of free credit protection services. More information about the credit protection services is available in the notifications that are being mailed.

Beginning December 8, 2023, potentially affected individuals with questions or concerns regarding this incident may contact a designated call center at (866) 983-5764, Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time (9:00 a.m. to 6:30 p.m. Eastern Time), excluding major U.S. holidays.

– ### –

CONTACT: Renee Murphy
Norton Healthcare
(502) 609-7930