Orrick Herrington & Sutcliffe LLP Breach Incident

Updated by Keith Kirkland

High Level Summary of the Security Advisory

Orrick Herrington & Sutcliffe LLP, an international law firm specializing in finance, corporate and technology law, compensation and benefits, global infrastructure, litigation, and real estate, recently experienced a data breach.

According to an official filing (dated December 28, 2023) with the Office of the Maine Attorney General, and as reported by sources like TheCyberExpress and SecurityWeek, the Orrick, Herrington & Sutcliffe LLP data breach, discovered in March 2023, exposed sensitive health information belonging to more than 637,620 individuals. The incident, detected on March 13, 2023, involved an unauthorized third party gaining remote access to a segment of Orrick’s network, including a file share used to store certain client files. Upon detection, Orrick promptly blocked the unauthorized access, initiated a response process, and launched an investigation with the assistance of third-party cybersecurity experts. No further unauthorized activity has been identified since the incident's detection on March 13. It was determined that the unauthorized actor obtained files containing personal information primarily between February 28 and March 13, 2023.

Orrick notified impacted clients and, where relevant, its clients’ customers as well. As reported by Orrick, depending on the individual, the information affected may have included:

Name, address, email address, date of birth, Social Security number, driver’s license or other government-issued identification number, passport number, financial account information, tax identification number, medical treatment and/or diagnosis information, claims information (date, cost of services, and claims identifiers), health insurance identification number, healthcare provider, medical record number, prescriber name, healthcare provider license number, incidental health reference, online account credentials, and credit or debit card number.

Should I be concerned?

Maybe. It depends on whether you have a relationship with Orrick. Click on the link below to find out if you have a relationship with Orrick. If you do, follow the recommendations below.

Note: this link specifically references vendor directory records. You may also want to search your Relationship List for “Orrick” to confirm.

What to do if you or your vendors have an active relationship with Orrick

According to the notice, Orrick has deployed additional security measures and tools with the guidance of third-party experts to strengthen the ongoing security of its network. Further, it has established a dedicated call center to answer questions from impacted clients or individuals.

Orrick has advised its customers to remain vigilant against attempts at identity theft or fraud, which includes carefully reviewing online and financial accounts, credit reports, and Explanations of Benefits (“EOBs”) from your health insurers for suspicious activity.

We recommend that you promptly reach out to the Orrick team and conduct a thorough investigation to assess any potential impact on your organization's data. Subsequently, implement the requisite remedial actions.

--------------------------------------------------------------

We are actively working on future product enhancements related to these types of events. If you found this information helpful or have additional feedback, please let us know at product@visotrust.com.

For any additional questions, please reach out to your customer success manager.

The VISO TRUST team
