Devastating Security Breach at Law Firm and County Office

Ed. note: This article is part of the ongoing series, Cybersecurity: Tips From the Trenches, produced by our partners at Sensei Enterprises, a specialized provider of IT, cybersecurity, and digital forensics services.

Recent headlines have once again highlighted the pervasive issue of data breaches, with a major incident reported by Bassford Remele, a law firm based in Minnesota. The firm disclosed that a data breach has been occurring since the summer of 2024, affecting thousands of individuals whose sensitive medical records may have been compromised. According to the breach notification published on the firm’s website, the unauthorized access occurred between July 29 and September 4, 2024, although specifics concerning the nature of the compromised information remain unclear.

However, the firm did indicate that data possibly accessed includes Social Security numbers and medical records provided by healthcare organizations for which they offer legal services. Affected individuals have been notified, and the breach was initially detected when Bassford Remele identified unauthorized emails sent from a third-party application mimicking an employee’s email account.

In a parallel incident, a breach in Scott County, Iowa, has been confirmed, wherein an employee’s email was accessed, leading to the exposure of medical records, Social Security numbers, and other sensitive patient information of over 4,300 individuals. Such incidents underline the increasing vulnerability faced by organizations, leaving many executives and firm managers grappling with the ongoing threat of cyberattacks.

Given the escalating risks associated with data breaches, it is crucial for organizations to prioritize enhancing their email security measures, particularly in environments like Microsoft 365 and Google Workspace, which are common targets for cybercriminals. Key recommendations include the implementation of multifactor authentication across all email accounts to add an extra layer of protection. Even if a compromise occurs involving a user’s credentials, the requirement of a second factor helps thwart unauthorized access.

Additionally, firms should consider enabling a Conditional Access Policy for Microsoft 365 logins. This feature provides granular access controls, allowing organizations to establish various conditions under which users can gain access to sensitive resources, enhancing overall security posture. Equally important is activating event auditing, which enables organizations to monitor and analyze activities within their accounts, helping to detect unauthorized access and providing a clear audit trail for compliance purposes.

Integrating a Security Information and Event Management (SIEM) solution is also highly beneficial. A SIEM system allows organizations to aggregate and analyze data from different sources, aiding in the detection of and response to security threats in real time. By deploying SIEM agents across all endpoints and integrating with cloud environments, companies can significantly reduce the risk of account takeover incidents, which is crucial for safeguarding sensitive client and firm data.
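One way to act on the auditing and SIEM recommendations above, as an added example that is not from the article or from Sensei Enterprises: a Python triage pass over exported sign-in records that flags successful logins completed without MFA, without a Conditional Access policy applied, or from a country or application not previously seen for that user. The records are constructed, and their field names are assumed to follow the Microsoft Graph signIn resource.

```python
import json
from collections import defaultdict

# Constructed sample records, one JSON object per line. Field names are assumed
# to match the Microsoft Graph signIn resource; users, IPs and apps are made up.
SAMPLE_SIGNINS = """
{"createdDateTime":"2025-01-06T13:02:11Z","userPrincipalName":"paralegal@example.test","appDisplayName":"Office 365 Exchange Online","ipAddress":"198.51.100.10","location":{"countryOrRegion":"US"},"status":{"errorCode":0},"authenticationRequirement":"multiFactorAuthentication","conditionalAccessStatus":"success"}
{"createdDateTime":"2025-01-07T02:41:55Z","userPrincipalName":"paralegal@example.test","appDisplayName":"Constructed Mail Sync App","ipAddress":"203.0.113.77","location":{"countryOrRegion":"NL"},"status":{"errorCode":0},"authenticationRequirement":"singleFactorAuthentication","conditionalAccessStatus":"notApplied"}
{"createdDateTime":"2025-01-07T02:45:03Z","userPrincipalName":"paralegal@example.test","appDisplayName":"Office 365 Exchange Online","ipAddress":"203.0.113.77","location":{"countryOrRegion":"NL"},"status":{"errorCode":50126},"authenticationRequirement":"singleFactorAuthentication","conditionalAccessStatus":"notApplied"}
{"createdDateTime":"2025-01-07T14:10:20Z","userPrincipalName":"partner@example.test","appDisplayName":"Office 365 Exchange Online","ipAddress":"198.51.100.22","location":{"countryOrRegion":"US"},"status":{"errorCode":0},"authenticationRequirement":"multiFactorAuthentication","conditionalAccessStatus":"success"}
"""

def load(text):
    """Parse newline-delimited JSON sign-in records."""
    return [json.loads(line) for line in text.strip().splitlines()]

def triage(records):
    """Return (timestamp, user, reasons) for each successful sign-in worth review."""
    seen_countries = defaultdict(set)   # per-user baseline, built in time order
    seen_apps = defaultdict(set)
    findings = []
    for rec in sorted(records, key=lambda r: r["createdDateTime"]):
        if rec["status"]["errorCode"] != 0:
            continue  # failed attempts are a separate signal and never seed the baseline
        user = rec["userPrincipalName"].lower()
        country = rec.get("location", {}).get("countryOrRegion", "")
        app = rec["appDisplayName"]
        reasons = []
        if rec["authenticationRequirement"] == "singleFactorAuthentication":
            reasons.append("no_mfa")            # a password alone was enough
        if rec["conditionalAccessStatus"] == "notApplied":
            reasons.append("ca_not_applied")    # no policy evaluated this login
        # The first successful sign-in for a user only seeds the baseline.
        if seen_countries[user] and country not in seen_countries[user]:
            reasons.append("new_country")
        if seen_apps[user] and app not in seen_apps[user]:
            reasons.append("new_app")
        seen_countries[user].add(country)
        seen_apps[user].add(app)
        if reasons:
            findings.append((rec["createdDateTime"], user, reasons))
    return findings

if __name__ == "__main__":
    for ts, user, reasons in triage(load(SAMPLE_SIGNINS)):
        print(ts, user, ",".join(reasons))
```

In a SIEM the same conditions would normally run as a scheduled rule against ingested sign-in logs, with the per-user baseline drawn from a longer lookback window than this in-memory pass.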

Understanding and tracking an organization’s Microsoft Secure Score can further enhance security strategies. This tool provides a valuable metric for assessing security posture and offers actionable recommendations for improvement. Regularly reviewing and upgrading security measures is essential, as cyberattackers continuously refine their tactics.

In conclusion, organizations must take proactive steps to fortify their email systems against the growing threat landscape. The recent data breaches serve as a stark reminder of the vulnerabilities present within digital infrastructures, necessitating a comprehensive and ongoing commitment to cybersecurity best practices.


Michael C. Maschke is the President and Chief Executive Officer of Sensei Enterprises, Inc. Mr. Maschke is an EnCase Certified Examiner (EnCE), a Certified Computer Examiner (CCE #744), an AccessData Certified Examiner (ACE), a Certified Ethical Hacker (CEH), and a Certified Information Systems Security Professional (CISSP). He frequently speaks on IT, cybersecurity, and digital forensics and has co-authored 14 books published by the American Bar Association.

Sharon D. Nelson is the co-founder and consultant of Sensei Enterprises, Inc. She has served as the president of the Virginia State Bar, the Fairfax Bar Association, and the Fairfax Law Foundation. She is also a co-author of 18 books published by the ABA.

John W. Simek is the co-founder and consultant…
