Wolf Haldenstein Suffers Data Breach Impacting 3.4 Million Records

by

The law firm Wolf Haldenstein Adler Freeman & Herz LLP (Wolf Haldenstein) located in New York City encountered a data breach affecting the personal data and protected health information (PHI) of 3,445,537 people. The law firm submitted a breach notice not long ago to the Maine Attorney General.

A few states post data breach reports on the Office for the Attorney General’s website; nevertheless, many fail to state the number of individuals impacted, or simply list the number of affected individuals in their particular states. Maine publishes the total number of people impacted as well as the number of impacted state residents. For this data breach report, there were 3,220 Maine residents. Based on the breach report, this data breach is one of the biggest data breaches to happen at a law practice.

Wolf Haldenstein has law offices in Chicago, New York, San Diego, and Nashville. It focuses on complex litigation, such as helping clients with data breach lawsuits. After identifying suspicious system activity, Wolf Haldenstein suspected a cyberattack on its system on December 13, 2023. It implemented immediate action to limit the impact of the incident and stop continuing unauthorized access. A third-party digital forensics company investigated the incident to know the nature and magnitude of the breach.

A careful analysis of the impacted portions of the system revealed the hacker accessed and likely stole the following data: names, employee ID numbers, Social Security numbers, medical findings, and medical claims data. There were problems encountered during the investigation and data analysis, which resulted in a delay of more or less a year from the awareness of the incident to the time of sending the breach notification letters.

For individuals who had contact details in the records, Wolf Haldenstein already mailed the notification letters to them. The law firm found more impacted people on December 3, 2024, whose addresses could not be found, and so they were not yet notified. Free credit monitoring services were provided to individuals believed to have been affected by the attack. Wolf Haldenstein stated it has assessed and updated its guidelines and procedures concerning data privacy and has taken the proper measures to avoid identical breaches down the road. Cases such as this show how important employee HIPAA training is to limit the impact of an attack

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681 or email directly at [email protected]