An international law firm, Orrick, Herrington & Sutcliffe, known for its work with companies affected by security incidents, has fallen victim to a cyberattack. The breach resulted in the exposure of sensitive health information belonging to over 637,000 data breach victims. The incident took place in March 2023, when hackers infiltrated the firm’s network and gained unauthorized access to a file share containing the compromised data.
Key Takeaway
Orrick, Herrington & Sutcliffe, a prominent law firm specializing in handling security incidents, has experienced a data breach that compromised the sensitive health information of over 637,000 individuals. The breach, which occurred in March 2023, resulted in the unauthorized access and theft of a wide array of personal and medical data, including online account credentials and financial information. Orrick has taken steps to address the breach and has reached a settlement in principle to resolve related class action lawsuits.
Details of the Breach
Orrick, which specializes in assisting companies in managing regulatory requirements following security incidents, disclosed that the stolen data included personal information and sensitive health data of individuals affected by data breaches. The compromised information encompassed a wide range of data, such as consumer names, dates of birth, postal addresses, email addresses, government-issued identification numbers, medical treatment and diagnosis details, insurance claims information, and healthcare insurance numbers. Additionally, online account credentials and financial information, including credit or debit card numbers, were also part of the stolen data.
Impacted Organizations
Furthermore, the breach affected individuals associated with various entities, including insurance giant EyeMed Vision Care, healthcare insurance network Delta Dental, health insurance company MultiPlan, behavioral health giant Beacon Health Options (now known as Carelon), and the U.S. Small Business Administration. Orrick stated that the number of affected individuals has significantly increased since the initial disclosure of the breach.
Response and Settlement
Orrick has been working to address the aftermath of the breach and has notified the impacted individuals and organizations. The firm expressed regret over the incident and emphasized its commitment to resolving the matter promptly. Moreover, Orrick has reached an agreement in principle to settle class action lawsuits related to the breach, signaling its dedication to safeguarding the information of its clients and the firm itself.