Skip to main content

Company Experiences Large-Scale Data Breach

Industry: Laboratories

Key Facts

  • Represent a Fortune 500 company
  • Client experienced a large-scale data breach
  • Advised on all aspects of incident response, including federal and state notification requirements, involvement of forensic experts, law enforcement coordination, and measures to mitigate harm — all while preparing the client for any ensuing government in

The Situation

Mintz represents a Fortune 500 company that provides clinical laboratory services. The company experienced a large-scale data breach when an external hacker exploited a patient-facing web application and exfiltrated more than 30,000 patient records. 

The Approach

Our team coordinated all aspects of the incident response in cooperation with in-house counsel and the client’s in-house IT security team. Mintz was responsible for retaining and managing third-party forensic expertise and for coordinating law enforcement involvement, which resulted in the identification of the attacker. Mintz also counselled the client on overlapping federal and state breach notification requirements, the content of breach notification letters, media releases, and notifications to federal and state government officials.

The Outcome

Mintz advised on measures to mitigate harm and prepared the client for any ensuing government investigation or litigation. To date, the incident has not prompted a regulatory response and claims by affected patients have been minimal. 

Supporting Professionals

Health Law Practice Member Dianne Bourque led a team including Jordan Cohen and Hope Foster as well as Cynthia Larose, head of the firm's Privacy & Security Practice.