Cyberattack on New Jersey Law Firm May Have Exposed Data Of 13K Patients

Source: Government Technology


A cyberattack on a New Jersey law firm that represents major healthcare providers in the state may have exposed nearly 13,000 patients’ names, addresses, Social Security numbers, dates of birth, medical information and health insurance information, according to a notice published May 18, 2026 by the U.S. Department of Health and Human Services, Office for Civil Rights. Greenbaum Rowe Smith and Davis discovered unauthorized access to its systems via a compromised user account on Nov. 27, 2025. After learning of the incident, the firm reset its passwords, notified law enforcement and launched an investigation to determine what happened and whose information was involved. Greenbaum’s investigation, which concluded April 15, 2026 ultimately determined that the protected health information of certain individuals was acquired by an unauthorized third party from its systems. Full Story

Visit Website