One month after first detecting a problem, Boston law firm Taylor, Ganson & Perrin LLP is providing notice of a data security breach. Like many law firms who have experienced breaches, clients’ medical information and what might be protected health information may have been accessed or acquired by the unnamed threat actor(s), but whether it was actually PHI in this situation and reportable as a HIPAA breach is not yet clear. Nor is it clear yet how many people have been impacted, and whether this was a ransomware incident or some other type of hack.
If you were or are a client of theirs or were involved in any litigation or legal matters that might have resulted in your information being on their server, you should probably take note of this incident and see what kinds of information may have been acquired about you.Their press release begins:
BOSTON, Feb. 22, 2022 /PRNewswire/ — Taylor, Ganson & Perrin LLP (“TGP”) is providing notice of a recent event that may affect the privacy of certain personal information. TGP provides legal services to individuals, families, trusts and businesses primarily throughout Massachusetts. Information about TGP can be found at http://www.taylorganson.com/. TGP is providing information about this event, TGP’s response to it, and resources available to individuals to help protect their information, should they feel it necessary to do so.
What Happened? On January 23, 2022, TGP discovered unusual activity on certain computer systems. TGP quickly disconnected these systems from the network and commenced an intensive investigation to determine the source and scope of the incident. Although the investigation is not complete at this time, on or about January 27, 2022, the investigation determined that certain information stored within the TGP environment had been accessed and/or acquired by an unauthorized actor in connection with this incident. However, TGP continues to investigate the scope of the unauthorized access to determine what specific information may have been accessed and/or acquired and to whom that information relates. TGP is providing this notice in an abundance of caution to inform you of the incident so that you may take steps to protect your information.
What Information Was Involved? The information that may have been subject to access and/or exfiltration varies by individual based upon the information provided to TGP. The type of information could include name, Social Security number, driver’s license number or state identification card number, passport number, military identification number, financial account information, credit card number, medical information, health insurance information, username and password for online accounts, digital signature and/or taxpayer identification number.
How Will Individuals Know If They Are Affected By This Incident? If you would like to know if you are potentially affected by this incident, please call TGP’s dedicated assistance line, detailed below.
Read the full press release from the firm at PRNewswire or access the notice on their website.