Kentucky Cyber Attacks

Infrastructure Affected

Public Safety
Back to Archive

Public Safety

Hack shuts down internet for thousands across Bardstown, Nelson County

Breach Type – Uknown, Ransomware


  • "Hacked heading into a holiday weekend. The digital network went down in the Bourbon Capital of the World on Friday. Thousands of people across Bardstown lost internet access, crippling servers at city and county agencies.”
  • “As a result of the outage, Nelson County Sheriff Ramon Pinerora says they quickly switched to AT&T hotspots. They also started relaying calls through a State Police post. He says the department will continue to answer any calls from the county.”
  • "So we would ask the public to understand what's going on here locally, that now we're gonna have to go outside of our dispatch to get information back to us, and relay to the officers, or deputies, or EMS, whatever the case may be," Sheriff Pineiroa said.
  • ”Thousands of homes were impacted too, along with many of the town's small shops.”
Read More
Nelson County Gazette

  • "Mayor Dick Heaton ...provided an update on the network disruption that knocked the city’s Bardstown Connect internet service offline starting at about 3 a.m. Friday, Sept. 2. Heaton confirmed the city experienced a ransomware cyberattack.”
  • “…the city said that it was a subcontractor of the company Water Works uses for customer care and billing solutions that noticed the problems on its servers.”
  • "Heaton refused to state the amount of the ransom that was requested. He did confirm that the city had not paid a ransom. Because of the ongoing investigation, he could not provide additional details.”
  • “He also would not address a question about how the ransomware attack infiltrated the city’s internet system. He also would not specify if the affected computers’ were encrypted or otherwise blocked from being used because of the malicious attack.”
  • “Heaton heaped praise on the city’s IT department, some of whom worked 22 hours straight at the start of the outage to get Bardstown Connect internet restored."
Read More


Local Government

City of Frankfort, Franklin County

Breach Type – Hacking, Ransomware

The State Journal

  • A city release stated that several internal systems were unavailable, but that the city webiste, email, and emergency services were unaffected
  • The city has authorized a purchase of 60 new computers to replace devices compromised in the attack
  • A release by the city claims that there has been no evidence of misuse of compromised information and that there is a forensic investigation ongoing
Read More

Kentucky Office of Unemployment Insurance website, State of Kentucky

Breach Type – Unknown, DDoS


  • Bad actor attempted to access state's unemployment website
  • Random login names had been used to no avail
  • Officials believed security wasn't breached and claimant information was secure
Read More

Jefferson County PVA office, Jefferson County

Breach Type – Unknown, Ransomware


  • Local government agency was victim of ransomware cyberattack
  • Bad actor's disabled agency's ability to access data
  • Officials stated they didn't believe a security breach occurred
Read More

City of Lexington, Fayette County

Breach Type – Hack, Data Breach


  • Employee information was put at risk during a third-party contractor email phishing attack
  • Information like Social Security addresses and dates of birth were exposed of over 500 current or former employees
  • There have been no notes of any identity theft or financial problems arising from recent attack
Read More

Kentucky Employees' Health Plan, State of Kentucky

Breach Type – Other, Data Breach

Government Technology

  • Almost 1,000 members of employee health plan were affected
  • Bad actor used valid logon credentials to access accounts
  • Biometric screening and health assessment data was compromised
Read More

City of Paducah, McCracken County

Breach Type - Hacking, Malware

WPSD Local 6

  • Bad actors disrupted server access during cyberattack
  • IT officials worked diligently to restore network
  • Officials believed private information remained safe
Read More
WPSD Local 6

  • Unknown bad actors hit city network
  • Third party IT firm utilized in investigation
  • City officials confirmed complete forensic investigation
Read More
WPSD Local 6

  • City paid upwards of $30,000 following cyberattack
  • Bad actors utilized ransomware to freeze data
  • IT personnel forced to rebuild systems from scratch
Read More

Park DuValle Community Health Center, Jefferson County

Breach Type – Unknown Ransomware


  • Nearly $70,000 was given to hackers in the hopes that the data of around 20,000 patients would be released back to the center
  • It has been several months without any sign of the data being restored as operations run on pen and paper
  • This was the second attack that the center has faced forcing DuValle to lose over $1 million in attempts at restoration
Read More

Louisville Regional Airport Authority, Jefferson County

Breach Type - Ransomware


  • Louisville Regional Airport attacked by ransomware virus, affected numerous files
  • Attack did not otherwise impact operations or security systems
  • Malicious software was removed, and infected files restored from backup
Read More

Daviess County Library, Daviess County

Breach Type - Hacking, Ransomware

14 News

  • Daviess County Library attacked with ransomware
  • Attacker demanded $40,000 to retrieve compromised data
  • IT advised that they had to revert to backup systems
Read More

Kentucky Finance and Administration Cabinet's Department of Revenue

Breach Type - Phishing, Other


  • 12 state government email accounts compromised
  • Accounts include those of employees in the Finance and Administration Cabinet’s Department of Revenue
  • The accounts keep highly confidential personal and financial records about all Kentucky taxpayers
  • Login information affected
  • Emails may contain malicious Microsoft Office attachments
Read More

City of Glenview

Breach Type - Hack

Wave 3 News

  • Hackers claiming to be Islamic state hack city website
  • Built script to scan government pages for vulnerabilities
  • Hackers post threatening messages on webpage
Read More



Norton Healthcare update on cyberattack, Louisville County

Breach Type – Unknown, Ransomware

  • "Norton Healthcare has six hospitals in Kentucky and one in Indiana. Since May 9, they have been working on recovering from a cyberattack.”
  • ”Here are some details that Norton Healthcare has provided in their update yesterday: The attack was noticed on May 9. A fax was also received that day containing “threats and demands.” Although network systems were still operational, they were taken offline proactively."
  • “No ransomware group has seemed to claim responsibility for the attack, but if the attack and first contact to Norton was on May 9, the attackers may not be posting anything yet because they are hoping Norton will negotiate with them.”
Read More

Ransomware attack on PharMerica affected 5.8 million patients, Louisville County

Breach Type – Hacking, Data Breach

  • "While the Fortra/GoAnywhere data breach by Clop is shaping up to be the biggest, or one of the biggest, breaches affecting HIPAA-covered entities and business associates in 2023, an attack by Money Message on PharMerica is currently the largest single breach reported so far this year, with almost 6 million affected.”
  • ”On April 8, DataBreaches reported that PharMerica, a national pharmacy network, and its parent BrightSpring Health, a home and community-based health services provider, had been hit by the Money Message ransomware group. DataBreaches described the data the threat actors leaked as proof, obtained a statement from BrightSpring, and also obtained additional data and claims from Money Message."
  • “On April 14, Money Message informed DataBreaches that they had locked almost the entire infrastructure of both companies (a claim in conflict with BrightSpring’s claim that operations were not impacted), and that although there had been some negotiations, they had reached an impasse and would continue leaking data.”
  • ”On May 12, PharMerica notified the Maine Attorney General’s Office about the incident, reporting that 5,815,591 people had been affected, total. Of those, 35,068 were Maine residents.”
Read More

Kentucky hospital breach exposed PHI, Taylor County

Breach Type – Hacking, Data Breach

Becker Hospital Review

  • "Taylor Regional Hospital notified its patients that a cybersecurity incident, which began with a hack of its systems, led to patient information being exposed."
  • "On Jan. 25, the hospital released an urgent notice stating that a cybersecurity incident had taken down the entire hospital's computer system and phone lines"
  • "According to the hospital, an unauthorized person gained access to its computer network between Nov. 2, 2021, and Jan. 19, 2022, obtaining patient files that included names, and one or more of the following: addresses, dates of birth, Social Security numbers, insurance information, medical record numbers and information regarding patient care."
  • "The investigation is ongoing, but the hospital said it has found no indication that any patient information involved in the incident has been misused. It continues to notify affected patients."
Read More

UK HealthCare, Fayette County

Breach Type – Unknown, Data Breach


  • The blackbaud breach had no sensitive information exposed
  • Many different systems were exposed in the Blackbaud breach
  • Exposure is forcing medical systems to notify patients and donors about breach
Read More

Hardin Memorial Hospital, Hardin County

Breach Type - Hacking, Malware/Other

Wave 3

  • Hardin Memorial Hospital noted that there was a possible hacking at the healthcare facility
  • The Hospital had experienced several hiccups within their IT systems overnight
  • Extra staff was called in to maintain patient care and all processes became manual
Read More
Health IT Security

  • HMH faced downtime following a cyber-attack over the weekend
  • Officials state that they were able to repair systems and restore nominal processes
  • IT systems were affected and paused as work was made to restore the servers
Read More

Appalachian Regional Hospital

Breach Type - Hack

The Register-Herald

  • Hackers plant virus in Appalachian Regional's electronic web-based services and communications
  • Computers shut down to prevent further spread of malware
  • All patient care handled manually
  • ARH would not disclose what information was accessed during breach
Read More

Kentucky State Health Insurance Website

Breach Type - Other (vulnerabilities discovered)

AP News

  • Government Accountability Office discovered vulnerabilities in 3 state health insurance websites
  • One state did not encrypt passwords
  • One state did not properly use a filter to block hostile attempts to visit the website
  • One state did not use the proper encryption on its servers
  • Spokesperson states that nobody's personal information was released or compromised
Read More

Methodist Hospital, Henderson

Breach Type - Ransomware


  • FBI investigating cyber security breach
  • Hackers locked patient files and demanded ransom for data
  • Hospital remains available to its patients during the attack
  • Officials considering paying ransom to hackers as means of securing patient data
Read More



Kentucky Wesleyan College, Daviess County

Breach Type – Unknown, Data Breach

Data Breaches

  • 31,796 individuals affected by a network security incident in September 2020
  • Information that may have been compromised includes Social Security Numbers, among other things
  • The college has offered 24 months of credit monitoring and identity theft restoration services with a third party company
Read More

University of Kentucky, Fayette County

Breach Type – Unknown, Malware

Info Security

  • College healthcare provider impacted in cyberattack
  • Officials believed personal information was not leaked
  • Statement was released following system reset
Read More

Hopkins County Schools, Hopkins Schools

Breach Type - Hacking, Data Breach

The Messenger

  • A compromised account had exposed sensitive information of over 7,000 students
  • In order to prevent any further occurrences the school board has focused on training staff on password protection
  • The school board has needed to contact many statewide agencies such as the Kentucky State Police, and Department of Education
Read More

Scott County Schools, Scott County

Breach Type - Phishing, Other


  • The FBI has begun investigating after funds from an invoice were never received
  • The school had fallen victim to a fraudulent email giving money to the hackers
  • Millions were lost from the district following the scam
Read More

Bardstown City School District, Nelson County

Breach Type - Phishing, Other

Nelson County Gazette

  • The schools were victim to a recent attack that almost compromised an employee their paycheck
  • Following a procedural error an employee’s money was diverted to a different bank account
  • Once the error was noticed the bank was contacted immediately and the transfer was stopped before the money was lost
Read More

University of Louisville, Jefferson County

Breach Type - Hacking, Data Breach

The Register-Herald

  • 250 University faculty and staff had personal data breached by hackers
  • Hackers exfiltrated data from the school’s health initiative “Get Healthy Now”
  • No financial data appears to be at risk
Read More