Law firm pays $200,000 over “poor data security” that led to Microsoft Exchange attack

The action is related to a 2021 ransomware attack on legal firm Heidell, Pittoni, Murphy & Bach (HPMB) that exploited months-old Microsoft Exchange vulnerabilities compromised the private data of nearly 115,000 hospital patients, including names, dates of birth, social security numbers, and health information. 

2021 ransomware action amp attack breach compromised data data security exchange exploited health hospital information law led legal microsoft microsoft exchange names numbers old patients poor private private data ransomware ransomware attack risk management security social social security numbers vulnerabilities