New Jersey Law Firm Breach Exposes Nearly 13,000 Patients’ Sensitive Data
A cybersecurity breach at New Jersey-based law firm Greenbaum Rowe Smith & Davis LLP has compromised the personal and medical information of approximately 12,800 patients across multiple major health systems. The incident, discovered after suspicious activity was detected within the firm’s network, exposed data tied to Atlantic Health System, Hackensack Meridian Health, and Trinitas Regional Medical Center.
The unauthorized access involved files containing protected health information (PHI), which may include names, Social Security numbers, medical records, and health insurance details, though not all data categories were necessarily exposed for every individual. The firm has begun notifying affected patients and is offering free identity theft protection and credit monitoring through IDX, along with a dedicated assistance line for inquiries.
Greenbaum Rowe, which provides legal services to healthcare providers, is among the latest third-party vendors to fall victim to cybercriminals targeting the sector. Healthcare organizations and their partners remain prime targets due to the high value of patient data. Investigations into the breach are ongoing, with no public evidence yet of misuse of the exposed information.
The incident adds to a growing list of New Jersey healthcare breaches under review by the U.S. Department of Health and Human Services’ Office for Civil Rights.
Source: https://nj1015.com/nj-healthcare-data-breach/
Trinitas Regional Medical Center cybersecurity rating report: https://www.rankiteo.com/company/trinitas-regional-medical-center
Greenbaum, Rowe, Smith & Davis LLP cybersecurity rating report: https://www.rankiteo.com/company/greenbaum-rowe-smith-&-davis-llp
Atlantic Coast Life Insurance Company cybersecurity rating report: https://www.rankiteo.com/company/atlantic-coast-life-insurance-company
"id": "TRIGREATL1783600896",
"linkid": "trinitas-regional-medical-center, greenbaum-rowe-smith-&-davis-llp, atlantic-coast-life-insurance-company",
"type": "Breach",
"date": "8/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '12,800',
'industry': 'Legal Services (Healthcare)',
'location': 'New Jersey, USA',
'name': 'Greenbaum Rowe Smith & Davis LLP',
'type': 'Law Firm'},
{'industry': 'Healthcare',
'location': 'New Jersey, USA',
'name': 'Atlantic Health System',
'type': 'Healthcare Provider'},
{'industry': 'Healthcare',
'location': 'New Jersey, USA',
'name': 'Hackensack Meridian Health',
'type': 'Healthcare Provider'},
{'industry': 'Healthcare',
'location': 'New Jersey, USA',
'name': 'Trinitas Regional Medical Center',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Free identity theft protection and credit monitoring '
'through IDX, dedicated assistance line',
'data_breach': {'number_of_records_exposed': '12,800',
'personally_identifiable_information': 'Names, Social '
'Security numbers, '
'medical records, '
'health insurance '
'details',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Protected health information '
'(PHI), personally identifiable '
'information (PII)'},
'description': 'A cybersecurity breach at New Jersey-based law firm Greenbaum '
'Rowe Smith & Davis LLP has compromised the personal and '
'medical information of approximately 12,800 patients across '
'multiple major health systems. The incident exposed data tied '
'to Atlantic Health System, Hackensack Meridian Health, and '
'Trinitas Regional Medical Center, including protected health '
'information (PHI) such as names, Social Security numbers, '
'medical records, and health insurance details.',
'impact': {'data_compromised': 'Protected health information (PHI), names, '
'Social Security numbers, medical records, '
'health insurance details',
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Cyber Incident Report'}],
'regulatory_compliance': {'regulations_violated': 'HIPAA (potential)',
'regulatory_notifications': 'U.S. Department of '
'Health and Human '
'Services’ Office for '
'Civil Rights'},
'response': {'communication_strategy': 'Patient notifications, dedicated '
'assistance line',
'third_party_assistance': 'IDX (identity theft protection and '
'credit monitoring)'},
'title': 'New Jersey Law Firm Breach Exposes Nearly 13,000 Patients’ '
'Sensitive Data',
'type': 'Data Breach'}