UofL cybersecurity expert says size of Norton Healthcare made it a target for hackers | News | wdrb.com

UofL cybersecurity expert says size of Norton Healthcare made it a target for hackers
Christie Battista May 12, 2023 Updated May 12, 2023 Comments

LOUISVILLE, Ky. (WDRB) -- The "cyber event" that ended with several systems being taken offline across North Healthcare properties earlier this week came as no surprise to Dr. Roman Yampolskiy, director of the cybersecurity lab at the University of Louisville.

The more people who could potentially click on a dangerous link, Yampolskiy said, the easier it is to invite hackers into your systems.

"You have more employees, more people to click yes on weird things," he said of Norton. "That's just makes you an easier target, and your size allows you to pay more in cryptocurrencies. So I'm not surprised. I expected exactly that."


Norton continues to evaluate its computer systems after the hacked. The hospital said Tuesday it got a suspicious message and took several systems offline as a precaution. MyChart services were partially restored Wednesday, and Norton has offered no explanation or details outside of the following written statement:

"Although our review is ongoing, an initial analysis confirms Norton Healthcare was the victim of a cyber-event. Our Information Services team and cybersecurity experts are working to thoroughly inspect and determine the scope of the event. We have notified law enforcement.

As we learn more details of the impact of the event, we will be transparent with employees and the community about next steps.

This event began on Tuesday, when the security team received a suspicious communication related to information systems. In response, systems were immediately taken offline and internet and email access were disabled as a precaution to further protect the network. Teams are working to restore normal computer operations as quickly and safely as possible.

Hospitals, other facilities and medical practices remain open while caregivers follow protocols for times in which systems are down. Patients should continue to arrive for appointments at regular times unless otherwise contacted by phone.

Health care systems around the country have dealt with similar cyber events and cybersecurity is a top concern for Norton Healthcare. Our commitment to providing care to our community has not changed."

Dr. Roman Yampolskiy
Dr. Roman Yampolskiy, director of the cybersecurity lab at the University of Louisville. May 12, 2023. (WDRB Photo)

Yampolskiy, also an associate professor at UofL, said a ransomware attack usually involves someone encrypting files and then demanding a ransom. Data could have also been taken and personal information could have been put on the dark web.

"I suspect at this point they're trying to figure out what happened," he said. "If they have ransomware situation, do they have a backup which is recent enough? If it's stolen data, what's taken?"

Yampolskiy said current Norton patients and employees should always have a backup plan when it comes to your personal information. Even cancel a credit card and get a new one if you're worried.

"You could always be concerned," he said. "You cannot do anything about it. It's already happened. So, at this point, it doesn't really matter."

Norton has not provided specifics about the message it received, or said if any patient information was compromised.