Data Breach Hits Law Firm Specializing in Data Breach Cases

An international law firm that works with companies affected by security incidents has experienced its own cyberattack that exposed the sensitive health information of hundreds of thousands of data breach victims. San Francisco-based Orrick, Herrington & Sutcliffe said last week that hackers stole the personal information and sensitive health data of more than 637,000 data breach victims from a file share on its network during an intrusion in March 2023. Orrick also said it notified health insurance company MultiPlan, behavioral health giant Beacon Health Options (now known as Carelon) and the U.S. Small Business Administration that their data was also compromised in Orrick’s data breach. The data also includes medical treatment and diagnosis information, insurance claims information — such as the date and costs of services — and healthcare insurance numbers and provider details. The number of individuals known to be affected by this data breach has risen by threefold since Orrick first disclosed the incident.

An international law firm that specializes in handling security incidents for companies has fallen victim to a cyberattack of its own, resulting in the exposure of sensitive health information for hundreds of thousands of individuals affected by data breaches.

Last week, San Francisco-based Orrick, Herrington & Sutcliffe, announced that hackers had accessed its network in March 2023 and stolen personal data and sensitive health information from over 637,000 victims of data breaches.

Orrick works with companies impacted by security incidents, such as data breaches, to navigate regulatory requirements. This includes obtaining information from victims in order to notify state authorities and affected individuals.

In recent breach notification letters sent to those affected, Orrick disclosed that the hackers had gained unauthorized access to a large amount of data from their systems, relating to security incidents at other companies where Orrick had served as legal counsel.

The breach included data belonging to clients who had vision plans with insurance giant EyeMed Vision Care, dental plans with healthcare insurance network Delta Dental, and health insurance provider MultiPlan. Additionally, data belonging to behavioral health giant Beacon Health Options (now known as Carelon) and the U.S. Small Business Administration was also compromised in the breach.

The stolen data contains sensitive information such as names, dates of birth, postal addresses, email addresses, government-issued identification numbers, and medical treatment and diagnosis information. Additionally, insurance claims, healthcare insurance numbers, and provider details were exposed.

Orrick also confirmed that online account credentials and credit or debit card numbers were part of the stolen data.

The number of individuals impacted by the breach has tripled since Orrick initially disclosed the incident. In the most recent data breach notice, Orrick stated that they do not anticipate notifying additional businesses of the breach, although it is unclear how they came to this decision.

It is not known how the hackers gained initial access to Orrick’s network, nor if they demanded a ransom from the law firm.

Orrick spokesperson Jolie Goldstein declined to answer questions from TechCrunch regarding the incident, stating: We regret the inconvenience and distraction caused by this malicious incident. We made it a top priority to promptly resolve the situation for our clients, the affected individuals, and our team.

In December, Orrick reached a settlement in principle for four class action lawsuits brought against them in federal court in San Francisco. The lawsuits alleged that Orrick failed to inform victims of the breach until several months after it occurred.

We are pleased to reach a settlement within a year of the incident, bringing this matter to a close. We remain dedicated to safeguarding our systems and the information of our clients and firm, added Orrick’s spokesperson.

Avatar photo
Dylan Williams

Dylan Williams is a multimedia storyteller with a background in video production and graphic design. He has a knack for finding and sharing unique and visually striking stories from around the world.

Articles: 874

Leave a Reply

Your email address will not be published. Required fields are marked *