Legal News

New York Law Firm Settles for $200K in Landmark Data Breach Case
Download PDF
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Heidell, Pittoni, Murphy & Bach, a midsize law firm representing hospitals and hospital networks in litigation, has agreed to pay $200,000 to the state of New York following a data breach that compromised the private data of almost 115,000 hospital patients. The breach, which occurred in 2021, affected over 61,000 New Yorkers, and an investigation found that the law firm had failed to comply with health information privacy and security rules and state law.

The law firm did not admit to or deny the allegations as part of the agreement. However, it did provide an update on the cybersecurity incident in response to a request for comment. The firm stated that it had no evidence to suggest that any personal information had been or would be misused due to the incident. It also claimed that less than one percent of individuals had their Social Security numbers exposed and that the affected data was primarily limited to names and birth dates.

Law firms and other legal services providers that hold sensitive and confidential data have increasingly become targets for cyberattacks involving their clients’ data and business information. Heidell, Pittoni, Murphy & Bach has 85 lawyers in four New York and Connecticut offices and primarily handle medical and products liability defense, healthcare law, civil rights, and general and commercial litigation.

  
What
Where


The breach occurred when an attacker exploited vulnerabilities in the law firm’s Microsoft email server, gaining access to its systems and later deploying malware and taking files from the firm’s systems. According to the New York attorney general’s office, the firm had left its server exposed to an attack after failing to apply patches for the vulnerabilities, which Microsoft had released several months prior.

Don’t miss out on the best legal job opportunities in your area. Search BCG Attorney Search now!

The law firm hired a cybersecurity firm to conduct a forensic investigation and got a list of “tens of thousands” of files the attackers claimed to have taken. The files included legal pleadings, patient lists, and the firm’s medical records in connection with litigation. The office also stated that the law firm paid a $100,000 ransom in exchange for the return and deletion of the data but was not provided with evidence that the data was deleted.

Get JD Journal in Your Mail

Subscribe to our FREE daily news alerts and get the latest updates on the most happening events in the legal, business, and celebrity world. You also get your daily dose of humor and entertainment!!




An analysis revealed that information, including names, birth dates, Social Security numbers, and health data, might have been exposed. The law firm began notifying affected people in May 2022.

This incident highlights the need for law firms and other legal services providers to protect sensitive and confidential data proactively. This includes implementing regular security audits, applying security patches promptly, and providing security awareness training for employees. The consequences of failing to do so can be significant, as demonstrated by the $200,000 settlement that Heidell, Pittoni, Murphy & Bach reached with the state of New York.





 

RELEVANT JOBS

Corporate Attorney for Technology-Focused Law Firm - Remote, Part Time, Flexible

USA-CO-Denver

Corporate Attorney for Technology-Focused Law Firm Location: Remote / Flexible Compensati...

Apply now

Civil Litigation Attorney

USA-CA-Beverly Hills

Civil Litigation Attorney | Personal Injury Jalilvand Law Corporation (JLC) Compensation: $125,0...

Apply now

Associate Attorney

USA-KS-Wichita

Associate Attorney    Growing Wichita KS law firm seeks an attorney with a passion f...

Apply now

Associate

USA-MA-Boston

We are a respected boutique law firm practicing labor law, employment law, public employee retiremen...

Apply now

BCG FEATURED JOB

Locations:

Keyword:



Search Now

Education Law Attorney

USA-CA-El Segundo

El Segundo office of a BCG Attorney Search Top Ranked Law Firm seeks an education law attorney with ...

Apply Now

Education Law Attorney

USA-CA-Carlsbad

Carlsbad office of a BCG Attorney Search Top Ranked Law Firm seeks an education law attorney with 4-...

Apply Now

Education Law and Public Entity Attorney

USA-CA-El Segundo

El Segundo office of a BCG Attorney Search Top Ranked Law Firm seeks an education law and public ent...

Apply Now

Most Popular

SEARCH IN ARCHIVE

To Top