
UPMC Patient Data Exposed After Breach of Local Law Firm

Pittsburgh area law firm Charles J. Hilton & Associates P.C. (CJH) recently suffered a breach that exposed over 36,000 University of Pittsburgh Medical Center (UPMC) patient records. Suspicious activity on the CJH employee email system led to an investigation which determined the unauthorized access took place between April and June of 2020. CJH has notified UPMC and the law firm is in the process of notifying all the affected parties. Data that was accessed included names, dates of birth, Social Security numbers, bank or financial account numbers, driver’s license numbers, state identification card numbers, electronic signatures, medical record numbers, patient account numbers, patient control numbers, visit numbers, and trip numbers. Additional information is also believed to be affected, including Medicare or Medicaid identification numbers, individual health insurance or subscriber numbers, group health insurance or subscriber numbers, medical benefits and entitlement information, disability access and accommodation, and information related to occupational health, diagnosis, symptoms, treatment, prescriptions or medications, drug tests, billing or claims, and/or disability. At this time, CJH stated that they have no reason to believe the information was misused, and they are offering free comprehensive credit monitoring along with identity monitoring to those who were affected.

Analyst Notes

Law firms are often targeted by cyber criminals through email phishing and malware attacks. It is important for law firms of any size to have a cybersecurity monitoring service in place to quickly discover unauthorized access and stop it before thieves steal sensitive information. It is also worthwhile to periodically audit policies and procedures to ensure that large volumes of sensitive information are not stored in email accounts. Credit monitoring services are helpful and should be used, but the best they can do is alert the victim after a new account has been opened in their name. A more proactive approach is to place a “freeze” with each of the three major credit bureaus to signal to credit providers that new accounts should not be opened. Another important step is to notify the health insurance provider that there may be fraud due to identity theft on the victim’s account, and to carefully review all “explanation of benefits” notices so that fraudulent claims against health insurance can be reported. The IRS now allows taxpayers to sign up for an “Identity Protection PIN” to prevent other people from filing fraudulent tax returns with stolen identity information. Account statements of affected parties should be monitored on a regular basis to ensure no suspicious activity is taking place, and any unrecognized activity should be reported to the proper institution immediately. Because such a wide range of personal, financial, and medical information was accessed, it could enable several different types of fraud and identity theft if it falls into the wrong hands.