this post was submitted on 05 Jan 2024
224 points (99.1% liked)

Technology

59436 readers
3748 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

cross-posted from: https://zerobytes.monster/post/5063838

I guess if the law firm handles its own data breach this way; you can expect the companies to handle the breaches the same way.

Summary

The international law firm Orrick, Herrington & Sutcliffe, specializing in handling security incidents for companies, suffered a cyberattack in March 2023, resulting in the exposure of sensitive health information belonging to over 637,000 data breach victims.

The stolen data included consumer names, dates of birth, postal address and email addresses, and government-issued identification numbers, such as Social Security numbers, passport and driver license numbers, and tax identification numbers. The data also includes medical treatment and diagnosis information, insurance claims information — such as the date and costs of services — and healthcare insurance numbers and provider details.

Orrick, serving as legal counsel during security incidents at other companies, revealed that the breach also affected clients such as EyeMed Vision Care, Delta Dental, MultiPlan, Beacon Health Options, and the U.S. Small Business Administration. The number of affected individuals tripled since the initial disclosure. Orrick reached a settlement for class action lawsuits in December, which accused Orrick of failing to inform victims of the breach until months after the incident, acknowledging the incident's impact and expressing regret for the inconvenience caused. The firm did not disclose details about the hackers' entry or whether a financial ransom was demanded.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 20 points 10 months ago

I work in infosec this is just plain amateur. Should have used an MS-DOS computer as the mainframe and kept it in a basement server room that is also a faraday cage. This is a room that is only accessible by Anthony Hopkins and his clone Blanthony Blopkins in a dual key system.