Patient and employee protected health information from Louisville, Ky.-based Norton Healthcare has been posted on the dark web after the organization was hit with a cyber event on May 9, WDRB reported June 22.
Documents that contained the names, Social Security numbers, birth dates, credit card numbers and medical history of patients and employees of Norton were made public on the dark web, according to the publication, which viewed the documents.
WDRB reported that the documents had "not been redacted, and appear to be authentic," and contained information including operating accounts, payroll accounts with a balance of tens of millions of dollars, credit card information, confidentiality agreements, patient imaging orders, vendor and bank information, and business invoices from the health system.
Norton's last update about the cyber event was posted May 24, in which the health system said the incident was still under investigation and that it was working to bring its systems back online.
Becker's reached out to Norton for comment and will update the story if more information is learned.