Advertisement

29

Bottom Row Image

Advertisement

June 03, 2023

ANOTHER ONE: Wolf Takes Down Citrix in TCPA Class Settlement Worth $2... by: Eric J. Troutman
Georgia Introduces New Commercial Financing Disclosure Requirements by: Moorari Shah and A.J. S. Dhaliwal
Irish Supervisory Authority "Poking" at Meta's GDPR... by: Claude-Étienne Armingaud and Whitney E. McCollum
ODH Finalizes Revised Health Care Services Rules by: Allen R. Killworth
Wisconsin Supreme Court Affirms Court of Appeals Decision that Anti-... by: Janet Cain
Sixth Circuit Ruling Offers Clarity on Jurisdictional Border Between... by: Zachary T. Byers
Michigan Passes Amendment to Elliott-Larsen Civil Rights Act to... by: Adam S. Forman and Jennifer Barna
DOE Intends New Energy Earthshot to Decarbonize Transportation and... by: Lynn L. Bergeson and Carla N. Hutton
U.S. Supreme Court: Federal Labor Law Does Not Bar State Torts for... by: Jonathan J. Spitz and Richard F. Vitarelli
EPA Completes Verification Analysis of PFAS Scientific Testing of... by: Lynn L. Bergeson
Nevada State Court Rulings Highlight Importance of Strategic... by: Michael S. Levine and Cary D. Steklof
Minnesota’s New Paid Family and Medical Leave, Sick Leave, Amended... by: Katharine C. Weber and Daniel L. Blanchard
Eight Easy Ways to Enhance Your Social Media Presence by: Stefanie M. Marrone

June 02, 2023

June 01, 2023

May 31, 2023

Article By

Linn F. Freedman

Robinson & Cole LLP

Data Privacy + Security Insider

Related Practices & Jurisdictions

New York

Advertisement

NYAG Issues Fine Against Law Firm for Data Breach

Thursday, March 30, 2023

New York Attorney General Letitia James announced on March 27, 2023 that she had levied a fine against law firm Heidell, Pittoni, Murphy & Bach LLP for failing to secure personal and health information of clients exposing the information in a data breach.

According to the press release, the law firm agreed to pay $200,000 for “poor data security measures [that] made it vulnerable to a 2021 data breach” and compromised the private information of 61,438 individuals residing in New York. James stated, “The law firm represents New York City area hospitals and maintains sensitive private information from patients,” and its “data security failures violated not only state law, but also HIPAA.”

The incident occurred when a threat actor was able to exploit a vulnerability in the law firm’s Microsoft Exchange server that had not been patched, resulting in the exposure of personal and health information of 114,979 individuals. The Attorney General found that the firm “failed to adopt several measures required by HIPAA. . . . including conducting regular risk assessments of its systems, encrypting the private information on its servers, and adopting appropriate data minimization practices.” The agreement requires the law firm to pay the fine and strengthen its cybersecurity measures.

Copyright © 2023 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XIII, Number 89

Advertisement

Latest Legal News & Analysis

ANOTHER ONE: Wolf Takes Down Citrix in TCPA Class Settlement Worth $2.75MM

Georgia Introduces New Commercial Financing Disclosure Requirements

Sheppard, Mullin, Richter & Hampton LLP

Irish Supervisory Authority "Poking" at Meta's GDPR Practices

ODH Finalizes Revised Health Care Services Rules

Epstein Becker & Green, P.C.

Wisconsin Supreme Court Affirms Court of Appeals Decision that Anti-Assignment...

von Briesen & Roper, s.c.

Advertisement

TRENDING LEGAL ANALYSIS

Eight Easy Ways to Enhance Your Social Media Presence

By

Stefanie Marrone Consulting

China’s National Intellectual Property Administration to Cease Accepting Trademark...

By

Schwegman, Lundberg & Woessner, P.A.

Upcoming NYSE and NASDAQ Clawback Requirements

By

Jones Walker LLP

Beltway Buzz, June 2, 2023

By

Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

Latin America Energy Updates: January – April 2023

By

Greenberg Traurig, LLP

U.S. Workforce Positive Post-Accident Marijuana Drug Test Rates Reach Twenty-Five...

By

Jackson Lewis P.C.

Upcoming Legal Education Events

PE & Healthcare Summit Berlin 2023

Tuesday, June 6, 2023

FinTech University: FinTech and International Law

Tuesday, June 6, 2023

Ward and Smith's 2023 Health Care Breakfast and Learns at New Bern Golf & Country Club!

Wednesday, June 7, 2023

PCI DSS 4.0: Third-party Service Providers And Risk Management

Wednesday, June 7, 2023

Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn F. Freedman

Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

[email protected]

401-709-3353