News Heading - 1

Norton Healthcare Confirms ALPHV May Ransomware Attack

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

In a public notification, Norton Healthcare disclosed that the May security incident had compromised sensitive data belonging to patients, former and current employees, and dependants.

Based in Louisville, Kentucky (US), Norton Healthcare is a leading provider of medical care and health services across Greater Louisville, Southern Indiana, and the Commonwealth of Kentucky. It

‘’On May 9, 2023, Norton Healthcare discovered that it was experiencing a cybersecurity incident, later determined to be a ransomware attack,’’ Norton revealed .

On confirming the cyberattack, the healthcare provider notified federal law enforcement, and engaged a leading forensic security provider to investigate the incident.

Its investigation revealed that certain network storage devices were accessed by an unauthorized threat actor between May 7, and May 9, 2023, respectively.

Although the hackers were unable to access its healthcare’s medical record system or Norton MyChart; sensitive personal information, including name contact details, Social Security Number, date of birth, health data, insurance information, and medical identification numbers were accessed.

In case of certain individuals, information like, financial account numbers, driver’s licenses or other government ID numbers, and digital signatures were also exposed.

Norton Healthcare says that in addition to bolstering its security systems, it will also provide 2-year complimentary credit monitoring and identity protection services to impacted individuals.

While the healthcare provider didn’t call it a ransomware attack, notorious ALPHV (BlackCat) took responsibility for the attack in late May, claiming to have stolen 4.7TB of company data. Furthermore, as proof of its claim, the gang posted dozens of files , including images of checks and bank statements, Social Security number, and other personal information.

In the breach filing with the US HHS’ Office for Civil Rights, Norton Healthcare disclosed that 501 individuals were impacted. But the incident report filed with the Office of the Maine Attorney General suggests the number to be 2.5 million .

News Heading - 2

Tipalti Says No Evidence of Breach After ALPHV Claims Stealing 256GB Data

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Tipalti says it has found no evidence of a data breach after the notorious ransomware gang ALPHV (Aka BlackCat) claimed to have hacked the accounting software provider’s network.

On 3 December, ALPHV in a post on its leak website claimed to have breached Tipalti’s network since 8 September . The gang stated that by staying undetected in ‘’multiple Tipali systems’’, it had managed to exfiltrate 256GB of confidential business data including Twitch and Roblox information. In the same post, it announced to extort these two companies separately.

“We remain committed to this exfiltration operation, so we plan to reach out to both these companies once the market opens on Monday as we believe we will have an even greater amount of data by then,’’ the post read.

In response, Tipalti engaged third-party forensic experts and launched an investigation ; however, to date, no evidence has been found to support the alleged claims.

“Protecting your data and the security of our systems is of utmost importance to us and we are taking this matter very seriously,” a company notification to customers shared by Zach Bussey on X read. “Our team is thoroughly investigating these claims, and, at the moment, we have found no evidence of a breach or data leak.”

It also reassured customers that it would continue to investigate and monitor the situation and share updates regarding this.

The California-based accounting and payment automation software company processes more than $50 billion in payment annually, and services over 2,500 customers worldwide. Besides Roblox and Twitch, some of its prominent clients include GoDaddy, Roku, X, ZipRecruiter, Canva, and others.

Post Tipalti’s response, ALPHV reposted the company on its leak site , warning that it was contacting Tipalti’s clients with individual ransomware demands. While the name of all affected customers was not revealed, the gang is believed to be targeting Roblox, the popular online gaming platform.

“In the case of Roblox, we plan to individually extort affected parties, such as their creators, for whom we have significant confidential information, including tax documents,” the post revealed.