LegalTechPrincess

It is 2023 and almost every company in the world handles peoples data. But while certain regions of the world are not as advanced in protecting data privacy of data subjects, I was quite  surprised to read about this particular data breach in the news.   On March 27, 2023, New York Attorney General Letitia James announced that a New York-based law firm (Heidell, Pittoni, Murphy & Bach LLP) had agreed to pay $200,000 in penalties and enhance its cybersecurity practices to settle charges stemming from a 2021 data breach. The New York AG alleged that, in November 2021, the firm experienced a cybersecurity incident in which attackers acquired the private data of over 114,000 patients of hospitals who were clients of the firm, including names, Social Security numbers, dates of birth and health information. The cause of the breach was a software vulnerability for which a patches had been issued, but allegedly not implemented by the firm. The AG’s investig...