Burr & Forman LLP

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Burr & Forman LLP, a law firm based in Birmingham, Alabama, experienced a significant data security incident that was first detected on October 23, 2023, due to anomalous activity on one of the firm’s laptops. This incident led to unauthorized access and acquisition of certain documents and information, including sensitive personal data. The investigation, which involved cybersecurity experts, determined that the compromised data included names, Social Security numbers, medical coding information with dates and descriptions, and insurance information. Notably, the breach did not affect the computer systems of Burr & Forman’s clients, including Oceans Healthcare and Summit BHC, but it did impact data belonging to some of the firm’s clients[1][5].

The firm took immediate action by activating its Incident Response Plan and notifying the affected parties, including Oceans Healthcare and Summit BHC, on November 10, 2023. Burr & Forman also began sending notification letters to impacted individuals with identifiable address information on January 9, 2024, and established a toll-free call center to address questions and concerns related to the incident[1].

The breach has been reported to have affected nearly 20,000 people, specifically impacting the data of two health care clients subject to the Health Insurance Portability and Accountability Act (HIPAA). Burr & Forman has been working directly with these clients to address the breach and comply with all required notices and actions[9].

In response to the breach, Burr & Forman has taken steps to enhance its network security and has reported the incident to the Federal Bureau of Investigation (FBI). The firm has expressed deep regret for any inconvenience or concern caused by the incident and has reiterated its commitment to the privacy and protection of all information[1][5].

Affected individuals have been advised to monitor their accounts for suspicious activity, report any fraudulent activity or suspected incidents of identity theft to law enforcement, and consider placing a fraud alert on their credit reports. Burr & Forman has provided information on how to obtain a free credit report from the three nationwide credit reporting agencies and how to place a fraud alert on credit accounts[1].

Citations:

  1. https://www.burr.com/notice-of-data-security-incident
  2. https://www.prnewswire.com/news-releases/burr–forman-provides-notice-of-data-security-incident-302034202.html
  3. https://www.burr.com/people
  4. https://www.msdlegal.com/blog/2024/01/burr-forman-llp-data-breach-class-action-investigation/
  5. https://cybermaterial.com/burr-forman-data-security-incident-update/
  6. https://www.law.com/dailybusinessreview/?slreturn=20240019172850
  7. https://www.law360.com/pulse/legal-tech/articles/1786411/burr-forman-discloses-october-data-breach
  8. https://rmaintl.org/events/2024-annual-conference-agenda/
  9. https://www.law.com/dailyreportonline/2024/01/16/burr-forman-faces-data-breach-of-health-care-client-information/
  10. https://www.burr.com/people/beth-shirley
  11. https://bnnbreaking.com/politics/courts-law/burr-forman-reports-data-breach-impacting-client-information/
  12. https://www.law360.com/articles/1786411/burr-forman-discloses-october-data-breach
  13. https://datafort.com/privacy-breach-at-burr-forman-law-firm-faces-security-crisis/
  14. https://healthitsecurity.com/news/healthcare-data-breaches-continue-to-impact-patients-in-new-year
  15. https://beyondmachines.net/event_details/law-firm-burr-forman-reports-data-breach-0-a-v-u-5
  16. https://www.burr.com/people/rachel-friedman
  17. https://www.burr.com/capabilities/commercial-corporate-litigation/class-action
Breach Submission Date Jan 09, 2024
Converted Entity Name Burr & Forman LLP
Converted Entity Type Business Associate
State AL
Individuals Affected 19,893
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes