An Ohio law firm that specializes in healthcare was the target of a ransomware attack that affected 420,532 individuals.
Bricker & Eckler discovered the data breach on Jan. 31 and launched an investigation with the help of cybersecurity forensic experts, according to a data breach notice.
The investigation determined that cybercriminals gained access to the firm's internal systems various times from approximately Jan. 14-31. The hackers obtained the data and held it for ransom.
Brickler retrieved the data, but it is unclear if they paid the ransom.
The firm said there is no evidence that the data was further copied or retained by the cyberattackers.
On about March 12, Brickler identified whose data had been breached and began notifying clients on April 6.
The breached data includes Social Security numbers, addresses, driver's license numbers and more.
In response, the law firm has increased its security protocols and will evaluate other additional measures that could increase Brickler's defense.