TGI Direct, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
TGI Direct, Inc., a company providing printing and mailing services to various organizations nationwide, including health plans, experienced a data breach due to vulnerabilities in the MOVEit file transfer tool. On May 28, 2023, TGI Direct detected unusual activity within the MOVEit server, prompting an immediate response to secure their environment and mitigate potential harm. The breach was part of a larger incident affecting many companies, attributed to previously unknown vulnerabilities in the MOVEit tool that were exploited by unauthorized actors. This incident allowed unauthorized access to data stored within the tool for a duration of less than four hours on the same day.
The compromised data included personal information such as individuals’ names, insurance information, and medical information. However, it is important to note that no Social Security numbers or financial information were involved in the breach. Furthermore, there is no evidence to suggest that the accessed information has been used for identity theft or fraud.
In response to the breach, TGI Direct took several measures to address the situation and prevent future incidents. This included working with third-party cybersecurity specialists to investigate the breach, applying patches provided by Progress Software (the creators of MOVEit) to fix the vulnerabilities, and enhancing their system’s security. TGI Direct has also been proactive in notifying affected individuals and advising them to monitor their account statements and credit reports for any suspicious activity.
For those seeking more information or assistance, TGI Direct has established a dedicated toll-free assistance line and encourages affected individuals to contact them for support[1].
This incident was reported to the U.S. Department of Health and Human Services Office for Civil Rights, indicating that 11,556 individuals were affected by the breach[11][15]. It is part of a larger trend of cybersecurity incidents impacting healthcare and associated service providers, highlighting the ongoing challenges in protecting sensitive personal and health information in the digital age[13].
Citations:
- https://www.prnewswire.com/news-releases/tgi-direct-inc-provides-notice-of-data-event-301995262.html
- https://dojmt.gov/consumer/databreach/
- https://www.qlik.com/us/products/qlik-sense
- https://www.tgidirect.com/tgi/About
- https://www.indeed.com/cmp/Tgi-Direct/reviews?fcountry=US&floc=Flint%2C+MI
- https://edubenchmark.com/course/oet
- https://www.tgidirect.com
- https://www.tannoy.com
- https://www.tgidirect.com/tgi/Capabilities/Data
- https://www.theciocircle.com/be-inspired/maria-haight-cio-at-tgi-direct
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.linkedin.com/in/joelchinsky
- https://www.hipaajournal.com/november-2023-healthcare-data-breach-report/
- https://www.franchisedirect.com/foodfranchises/tgi-fridays-franchise-10116/ufoc/
- https://twitter.com/OCRNewBreaches
- https://www.itgovernanceusa.com/blog/cybersecurity-and-data-privacy-in-the-usa-january-29-february-4-2024