Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Medical Malpractice Law Firm Reports Data Breach

June 14, 2022

SC Magazine reported on June 7 that Heidell Pittoni Murphy & Bach (HPMD), the medical malpractice litigation counsel for New York Presbyterian Hospital, recently began notifying 114,979 patients that their data was acquired during an apparent extortion incident in December 2021.

As I have often noted, weekends and holidays are favorite times to mount a cyberattack – this appears to be another example.

Suspicious activity was discovered within the network environment on Christmas 2021. The firm’s IT personnel responded and partnered with a third-party forensic specialist to analyze the activity. Also, HPMD “immediately engaged a law firm specializing in cybersecurity and data privacy to investigate further.”

The initial assessment revealed an attacker “gained control over certain firm information for a period of time until HPMD was able to negotiate its return.” The data could include names, dates of birth, SSNs, and medical treatment information, which was “part of a tranche of data accessed and briefly held” by the hacker.

HPMD has since confirmed the security of the network environment and ensured “no further unauthorized activity has continued.” The firm has also reviewed and revised its security policies and procedures.

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., PresidentSensei Enterprises, Inc.
3975 University Drive, Suite 225Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology