Cybersecurity News

Ransomware Attack Targets Protected Health Information at Law Firm

The law firm announced the ransomware attack included medical and health information.

A cyber attack led to a data incident involving health information at a law firm.

Source: Getty Images

By Lisa Gentes-Hunt

- The Campbell, Conroy & O’Neil law firm, which has 10 locations around the country, announced a data privacy incident that included protected health information (PHI.) 

Some of the PHI involved in the data breach included medical and health insurance information, according to the law firm’s press release published on July 16. 

“On February 27, 2021, Campbell became aware of unusual activity on its network,” the press release states. An investigation “determined that the network was impacted by ransomware, which prevented access to certain files on the system.” 

The law firm, which has offices in Connecticut, Florida, Maine, Massachusetts, New Jersey, Pennsylvania, New Hampshire, and Rhode Island, worked with forensic investigators “to investigate the full nature and scope of the event and to determine what information may have been impacted and to whom the information relates. Campbell also alerted the FBI of the incident,” according to the press release. 

“Campbell is providing notice because the investigation thus far determined that certain information relating to individuals was accessed by the unauthorized actor,” the press release states.  

“We cannot confirm if the unauthorized actor accessed or viewed any specific information relating to individuals,” it states. “However, we determined that the information present in the system included certain individuals' names, dates of birth, driver's license numbers / state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (usernames and passwords.) Please note that the information varies by individual and for many individuals, a limited number of data types were determined to be accessible.” 

The firm said it is reviewing policies and procedures and is “working to implement additional safeguards to further secure our information systems.” 

“Campbell is committed to, and takes very seriously, its responsibility to protect all data entrusted to us.”  

Campbell is offering “24 months of complimentary access to credit monitoring, fraud consultation, and identity theft restoration services to individuals whose Social Security numbers or the equivalent were accessible as a result of this event,” the media release states.  

For more detailed information, impacted individuals can visit Campbell's website at: https://campbelltriallawyers.com/