Ohio Law Firm Ransomware Attack and California Department of State Hospitals Insider Breach

Bricker & Eckler said the attackers confirmed that the stolen information had been deleted and gave assurances that no further disclosures of the stolen data would occur and that no copies of the information were kept.

As a full-service law firm serving clients in the healthcare sector, the firm required clients to give it access to selected protected health information (PHI) during client engagements. That data was used for the legal assistance provided. It is likely that some of that data may have been seen or acquired during the attack.

Bricker & Eckler said the following PHI might have been exposed: names and addresses and, for some individuals, medical data and/or education-related data, Social Security numbers, and/or driver’s license numbers.

The law firm began mailing notification letters to all affected individuals on April 6, 2021. The firm has implemented measures to improve the security of its network, internal systems, and software programs to prevent similar attacks in the future.

Bricker & Eckler has reported the breach to the HHS’ Office for Civil Rights as affecting about 420,532 people.

California Department of State Hospitals Finds Insider Breach More Serious Than Previously Thought

In March 2021, the California Department of State Hospitals reported that an employee in an IT role had accessed the information of 1,415 current and former patients and 617 employees without authorization over a 10-month period. The hospital discovered the breach on February 25, 2021 during routine monitoring of staff access to data folders.

At the time of the announcement, the investigation of the insider breach was still in progress. It has now been confirmed that the breach was worse than initially thought. The information of 1,735 current and former Atascadero State Hospital workers and 1,217 DSH job applicants who were not hired was also viewed. The information included telephone numbers, email addresses, birth dates, Social Security numbers, and health data. Although the sensitive information was accessed, no reports of misuse of the information have been received.