With the specific incident, the type of patient information compromised in the attack consisted of data used by Charles J. Hilton & Associates to provide its contracted billing-related legal services to UPMC.
In terms of the analysis of the cyberattack, Apoorv Agarwal, co-founder and CEO at Text IQ, an artificial intelligence platform, looks at the situation for Digital Journal.
Agarwal says the impact upon the legal sector is growing and has become considerable, noting: “Law firm data breaches like the breach exposing the personal health information of more than 36,000 patients of the University of Pittsburgh Medical Center are problematic since law firms collect data from multiple enterprises and can result in a breach of data for all parties.”
There’s a reason why law firms are in the spotlight, as Agarwal suggests: “Cybercriminals prefer to target entities like law firms because of the enterprise data they possess and the fact that law firms, unlike enterprises, may not spend tens of millions of dollars each year on cybersecurity.”
The recent incident also clarifies why companies need to be put in place appropriate measures to protect their data. Agarwal states: “This breach will be a painful reminder for law firms to better understand what sensitive data they hold, and to invest in protocols and technologies to automate the process of determining whose data has been breached. Investing in secure automation platforms may be the only feasible way for law firms to enable response teams to make quicker, more informed and more accurate decisions on who to notify based on applicable regulations.”
