Law firms appear to be the latest black hat hacking trend.
No less than FIVE law firms have been breached by cybercriminal group, Maze, in the last four months, and the results have been devastating. Not only have these criminals STOLEN data, but they’ve also released extremely sensitive protected health information (PHI) from veterans’ pain diaries in connection with personal injury cases. This breach will surely call in the HIPAA watch dogs from the Office of Civil Rights, and should be a warning to ANY company with ANY access to sensitive PHI.
In addition to the law firms, Maze has also wreaked havoc on local government databases and numerous other businesses, infiltrating their networks with ransomware, encrypting and stealing sensitive data and files and then demanding ransoms. If the ransom isn’t paid, Maze releases or deletes the data, which includes HIPAA consent forms, PHI, VA documents and more.
Among Maze’s victims are two law firms that are involved in disability litigation with the U.S. Department of Veterans Affairs, Baker Wotring (TX) and Woods LLC (IN). The law firms have notified the FBI and though their businesses were compromised by the breaches, neither firm has had to close its doors, due to preventative cybersecurity measures that were in place.