Massive data breach at Zumpano Patricios exposes sensitive data of 280,000 Individuals

American law firm Zumpano Patricios said it suffered a significant data security incident earlier this year that compromised the sensitive personal data of almost 280,000 individuals.

 

Headquartered in Coral Gables, Florida, Zumpano Patricios is a law firm with a practice area representing healthcare providers in disputes withhealth insurance companies over payment for medical services rendered to patients.

 

In a data security incident notice filed with the Office of New Hampshire Attorney General, Zumpano Patricios said that on May 6, it identified a cyber attack affecting its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The company also took steps to contain the incident, secure the affected network and notified relevant law enforcement authorities about the same.

 

“The date and time on which the cyber-attack intrusion began are not known at this time. During the investigation, we learned that an unauthorised third party had the opportunity to access and potentially exfiltrate (remove) copies of certain files from our IT environment. Health care providers were notified on May 14, 2025,” the law firm said. 

 

The compromised data included names, social security numbers, provider names, member ID numbers, health insurer information, dates of service, amounts charged by providers, payment amounts received for the services, clinical coding information and medical records.

 

ZP Law added that medical records in the possession of healthcare providers were not affected by the incident and the incident did not impact any ability to receive care.

 

The incident was reported to the U.S. Department of Health and Human Services Office for Civil Rights where ZP Law said it has identified at least 279,275 impacted by the incident.

 

ZP Law has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered complimentary identity protection and credit monitoring services through IDX to all affected individuals.