Website Preloader

The ProcessBolt Platform

agsdix-c370-one-solution

ProcessBolt AI

AI-assisted vendor risk management, and real-time threat monitoring platform. 

agsdix-c370-key-insights

ThreatScape

Attack surface management and security rating solution.

agsdix-c370-manual-reviews

DocAI

Document intelligence and analytics.

agsdix-c370-collaboration

Share Center

Secure and timebound document sharing for the enterprise.

agsdix-c370-integration

Assessment & RFP Response Solution

Answer questionnaires using Knowledge Base and documents with AI assistance.

The Orrick Data Breach and the Importance of Vendor Risk Management

In March 2023, the international law firm Orrick, Herrington & Sutcliffe (“Orrick”) suffered a cyberattack, exposing the sensitive information of over 637,000 individuals. The impact of the breach spread beyond the law firm as data from Orrick customers, many in the healthcare industry who shared Protected Health Information (“PHI”) with Orrick, was also exposed as part of the breach. Orrick is a somewhat unique target for a cyberattack as the firm specializes in cybersecurity and assists companies in handling security incidents and data breaches. The compromised data included names, dates of birth, addresses, email addresses, government-issued identification numbers, medical treatment and diagnosis information, insurance claims, and healthcare insurance numbers and provider details​​.

The breach has had a profound impact on Orrick’s operations and reputation. The firm has faced a number of class action lawsuits as a result of the breach. The lawsuits were consolidated into a single class action, raising questions about Orrick’s cybersecurity measures and timeliness in addressing the breach. Despite the firm’s expertise in helping companies address security incidents and data breaches, the scale and severity of the breach challenged its preparedness and response mechanisms. In December, Orrick reached a settlement in to resolve these lawsuits, emphasizing its commitment to protecting client data and systems​​. Orrick’s situation shows that even firms with expertise in cybersecurity can fall prey to sophisticated cyberattacks. This underscores the need for continuous improvement in cybersecurity measures, including regular updates to security protocols, employee training, and investment in advanced security technologies.

The Orrick breach also reflects a growing trend in cyber incidents where third-party vendors become gateways to larger data breaches. A staggering 60%+ of data breaches originate from third-party vendors. In Orrick’s case, the stolen data pertained to several high-profile clients, including EyeMed Vision Care, Delta Dental of California, MultiPlan, Beacon Health Options, and the U.S. Small Business Administration. The breach’s scope demonstrates how interconnected and vulnerable our digital ecosystems are, and how a single breach can have far-reaching consequences​​. When sharing sensitive information with vendors, organizations must conduct comprehensive assessments, continuously monitor vendors, and develop robust contingency plans to mitigate risks associated with third-party vendors.

In addition to needing to grapple with the reputational damage from the exposure of sensitive PHI, Orrick’s customers could be held liable for the breach if they haven’t established robust practices for managing vendor risk. Third-party breaches can lead to class action lawsuits brought by affected individuals and can result in severe compliance violations, inviting scrutiny and fines from regulatory authorities for insufficient oversight of vendor risks. For example, HIPAA encompasses several provisions pertaining to vendor risk management, and organizations may face violations of HIPAA if they neglect to manage vendor risks effectively in accordance with these standards.

This breach is a wake-up call for all organizations to reevaluate and fortify their vendor risk management strategies.

How ProcessBolt Can Help

ProcessBolt offers a fully integrated, AI-driven vendor risk management platform that uniquely enables organizations to assess and continuously monitor their vendor networks, while also leveraging the latest generative AI technology to extract intelligence from vendor corporate documentation.

Get in touch today to learn more about how ProcessBolt can help you effectively and efficiently manage vendor risk.

Please enable JavaScript in your browser to complete this form.
Please enter your business email address.
Name

You May Also Like…