PHI of 3.4 Million Wolf Haldenstein Clients Exposed

January 19, 2025HIPAA News0

Adler Freeman & Herz LLP (Wolf Haldenstein) in New York City has experienced a serious data breach affecting the personal data and protected health information (PHI) of 3,445,537 people. This is the information obtained from a breach notice recently sent to the Maine Attorney General.

Some states post data breach summaries on the Office for the Attorney General’s website without listing the number of people impacted or reporting the number of affected people in their states. Maine reports both information and in this data breach incident, 3,220 Maine residents were affected. The breach report disclosed the extent of the data breach, which is one of the biggest data breaches at a law practice.

The offices of Wolf Haldenstein are located in Chicago, Nashville, New York, and San Diego. The law firm’s specialty is complex litigation, which includes helping clients with data breach lawsuits. Wolf Haldenstein suspected a cyberattack on its system on December 13, 2023, after identifying suspicious network activity. Control measures were immediately undertaken to restrict the incident and stop more unauthorized access. A third-party digital forensics company investigated the incident to find out the nature and extent of the breach.

A thorough and time-consuming analysis of the impacted areas of the system affirmed the exposure and potential theft of the following data: names, employee ID numbers, Social Security numbers, clinical diagnoses, and medical claims details. There were complications during the investigation and data analysis, therefore the delay of more or less one year from discovering the attack to the issuance of notification letters.

Wolf Haldenstein has sent the breach notifications to all people whose addresses were on file. On December 3, 2024, the law agency found a part of the impacted people who had no address information on file, so they were not notified straightaway. Free credit monitoring services were provided to those who think they were impacted by the incident. Wolf Haldenstein stated it has checked and updated its guidelines and procedures associated with data privacy to comply with HIPAA law and implemented steps to avoid the same breaches down the road.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2025 ComplianceHome. All rights reserved.