this post was submitted on 05 Jan 2024
224 points (99.1% liked)

Technology

59436 readers
3636 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

cross-posted from: https://zerobytes.monster/post/5063838

I guess if the law firm handles its own data breach this way; you can expect the companies to handle the breaches the same way.

Summary

The international law firm Orrick, Herrington & Sutcliffe, specializing in handling security incidents for companies, suffered a cyberattack in March 2023, resulting in the exposure of sensitive health information belonging to over 637,000 data breach victims.

The stolen data included consumer names, dates of birth, postal address and email addresses, and government-issued identification numbers, such as Social Security numbers, passport and driver license numbers, and tax identification numbers. The data also includes medical treatment and diagnosis information, insurance claims information — such as the date and costs of services — and healthcare insurance numbers and provider details.

Orrick, serving as legal counsel during security incidents at other companies, revealed that the breach also affected clients such as EyeMed Vision Care, Delta Dental, MultiPlan, Beacon Health Options, and the U.S. Small Business Administration. The number of affected individuals tripled since the initial disclosure. Orrick reached a settlement for class action lawsuits in December, which accused Orrick of failing to inform victims of the breach until months after the incident, acknowledging the incident's impact and expressing regret for the inconvenience caused. The firm did not disclose details about the hackers' entry or whether a financial ransom was demanded.

top 5 comments
sorted by: hot top controversial new old
[–] [email protected] 20 points 10 months ago

I work in infosec this is just plain amateur. Should have used an MS-DOS computer as the mainframe and kept it in a basement server room that is also a faraday cage. This is a room that is only accessible by Anthony Hopkins and his clone Blanthony Blopkins in a dual key system.

[–] [email protected] 9 points 10 months ago (1 children)

They can discuss excellent rates for their internal affairs.

[–] [email protected] 6 points 10 months ago

Deeply discounted, yet with the satisfying conclusion that our external clients get! /s

[–] [email protected] 4 points 10 months ago

This is the best summary I could come up with:


An international law firm that works with companies affected by security incidents has experienced its own cyberattack that exposed the sensitive health information of hundreds of thousands of data breach victims.

Orrick works with companies that are hit by security incidents, including data breaches, to handle regulatory requirements, such as obtaining victims’ information in order to notify state authorities and the individuals affected.

The number of individuals known to be affected by this data breach has risen by threefold since Orrick first disclosed the incident.

Orrick said in its most recent data breach notice that it “does not anticipate providing notifications on behalf of additional businesses,” but did not say how it came to this conclusion.

Orrick spokesperson Jolie Goldstein said in a statement: “We regret the inconvenience and distraction that this malicious incident caused.

“We are pleased to reach a settlement well within a year of the incident, which brings this matter to a close, and will continue our ongoing focus on protecting our systems and the information of our clients and our firm,” added Orrick’s spokesperson.


The original article contains 509 words, the summary contains 178 words. Saved 65%. I'm a bot and I'm open source!

[–] [email protected] 2 points 10 months ago

NotTheOnion