"Law Firm Says Year-Old Hack Affected PHI of 255,000 People"

A Michigan law firm recently informed regulators of a hacking incident that occurred nearly a year ago and affected Protected Health Information (PHI) belonging to more than 255,000 people, including members of a Michigan health plan. Warner Norcross & Judd LLP reported a hacking/IT incident involving a network server to the US Department of Health and Human Services (HHS). The firm confirmed the health information breach through data mining and manual review, then took steps to identify current mailing addresses and notified the affected individuals as addresses became available. Individuals' name, date of birth, Social Security number, driver's license number, government-issued ID, annual compensation amount, benefit contribution information, credit card or debit card number, credit card or debit card PIN, financial account or routing number, passport number, patient account number, health information, and life insurance policy information may have been compromised as a result of the incident, according to a notice posted by the firm. This article continues to discuss the details and reporting challenges of the breach faced by the Michigan law firm, as well as what lessons should be learned from this incident. 

InfoRiskToday reports "Law Firm Says Year-Old Hack Affected PHI of 255,000 People"