Davies, McFarland & Carroll LLC, a law firm based in Pittsburgh, Pennsylvania, and specializing in medical malpractice, has disclosed a significant data breach. This incident involved unauthorized access to the sensitive information belonging to 54,712 individuals, which the firm holds due to its role as a business associate of various HIPAA-covered entities. The firm is routinely provided with access to protected health information as part of its legal services.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
The breach was initially detected on or around May 22, 2025, when a network intrusion was identified. The firm quickly engaged external cybersecurity experts to conduct a thorough investigation into the incident. This investigation confirmed that an unauthorized third party had successfully accessed the firm’s network over a period spanning from May 19, 2025, to May 22, 2025.
During the three-day period of unauthorized access, the investigation determined that files containing sensitive data were either viewed or acquired by the malicious actor. The comprehensive forensic investigation and subsequent review of the affected files took several months to complete, finally concluding on September 25, 2025, at which point the exposure of the sensitive data was officially confirmed.
While a substitute breach notice is not currently available on the Davies, McFarland & Carroll website, the firm has proceeded with notifications. The notification letter submitted to the Maine Attorney General currently has the specific types of exposed data redacted. However, affected individuals began to receive personal notification letters on November 24, 2025, and these letters specify the exact categories of information that were compromised.
As a protective measure against the potential misuse of the exposed data, Davies, McFarland & Carroll is offering the affected individuals complimentary identity protection services. These services, provided through Cyberscout, include 12 months of single-bureau credit monitoring, a credit report, and a credit score.
Source: Pittsburgh Law Firm Davies Mcfarland And Carroll Reports Significant Data Breach