Warner Norcross and Judd, LLP

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Warner Norcross & Judd LLP, a Michigan law firm, experienced a significant data breach that was first detected on October 22, 2021. The breach involved unauthorized activity on the firm’s network server and potentially affected the personal and protected health information (PHI) of 255,160 individuals[3][4][9][11]. The compromised data included sensitive information such as names, dates of birth, Social Security numbers, driver’s licenses, government-issued IDs, financial account numbers, health information, and more[4][11].

The incident also impacted approximately 120,000 members of Priority Health, a Michigan-based health plan. The data accessed from Priority Health included names, pharmacy and claim information, drug names, and prescription dates from certain prescriptions filled in 2012[2][5][9]. Despite the breach, there has been no evidence reported of misuse of the information[4].

Warner Norcross & Judd LLP reported the breach to the U.S. Department of Health and Human Services and notified affected individuals, providing them with information on steps to take to reduce the risk of identity theft and fraud[4][11]. The firm has taken measures to strengthen the security of its digital environment to prevent similar incidents in the future[9].

A proposed class action seeking damages in connection with the 2021 data breach has been allowed to advance in Michigan federal court[1]. The firm can also immediately appeal a Michigan federal judge’s ruling that people whose data was exposed in the ransomware attack can pursue their claims[8].

Citations:

  1. https://www.law360.com/articles/1729541/trimmed-warner-norcross-data-breach-suit-advances-in-mich
  2. https://www.databreaches.net/warner-norcross-judd-notified-120000-priority-health-plan-members-of-2021-breach/
  3. https://stacker.com/michigan/biggest-health-care-data-breaches-you-should-know-about-michigan
  4. https://www.bankinfosecurity.com/wnj-breach-a-20027
  5. https://healthitsecurity.com/news/120k-priority-health-members-impacted-by-third-party-data-breach
  6. https://www.businesswire.com/news/home/20220805005283/en/Warner-Norcross-Judd-LLP-Notifies-Consumers-of-Data-Incident
  7. https://www.wnj.com/practices/cybersecurity-and-privacy/
  8. https://www.law360.com/articles/1771571
  9. https://healthitsecurity.com/news/law-firm-confirms-data-security-incident-255k-impacted
  10. https://www.wnj.com/updates/class-action-litigation-know-the-trends-be-prepared/
  11. https://www.hipaajournal.com/michigan-law-firm-medical-imaging-companies-confirm-breaches-of-patient-information/
Breach Submission Date Aug 24, 2022
Converted Entity Name Warner Norcross and Judd, LLP
Converted Entity Type Business Associate
State MI
Individuals Affected 255,160
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes