25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Wolf Haldenstein Confirms 3.4 Million-record Data Breach

Posted By on Jan 17, 2025

The New York City law firm Wolf Haldenstein Adler Freeman & Herz LLP (Wolf Haldenstein) has suffered a major data breach involving the personal and protected health information of 3,445,537 individuals, according to a breach notice recently submitted to the Maine Attorney General.

Several states publish data breach summaries on the website of their Office for the Attorney General; however, many do not list how many individuals were affected, or only list the number of victims in their respective states. Maine lists the total number of individuals affected plus the number of state residents, in this case, 3,220 Maine residents. The breach report has revealed the scale of the data breach – one of the largest data breaches to occur at a law firm.

Wolf Haldenstein has offices in New York, Chicago, Nashville, and San Diego and specializes in complex litigation, including assisting clients with data breach litigation. A cyberattack on its network was suspected on December 13, 2023, when suspicious network activity was identified. Immediate steps were taken to contain the incident and prevent further unauthorized access, and a third-party digital forensics firm was engaged to investigate the activity and determine the nature and scope of any breach.

A comprehensive and time-consuming review of the affected parts of the network confirmed that names, Social Security numbers, employee identification numbers, medical diagnoses, and medical claims information had been exposed and potentially stolen in the incident. The investigation and data analysis experienced complications, hence the delay of almost a year between the discovery of the attack and the notification letters being issued.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Notifications have now been mailed to all individuals for whom address information could be found. The law firm identified a subset of affected individuals on December 3, 2024, for whom address information could not be located, and therefore they could not be notified directly. Complimentary credit monitoring services have been offered to individuals who believe they have been affected by the incident. Wolf Haldenstein said it has reviewed and enhanced its policies and procedures relating to data privacy and has taken steps to prevent similar breaches in the future.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist