TGI Direct, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

TGI Direct, Inc., a company providing printing and mailing services to various organizations nationwide, including health plans, experienced a data breach due to vulnerabilities in the MOVEit file transfer tool. On May 28, 2023, TGI Direct detected unusual activity within the MOVEit server, prompting an immediate response to secure their environment and mitigate potential harm. The breach was part of a larger incident affecting many companies, attributed to previously unknown vulnerabilities in the MOVEit tool that were exploited by unauthorized actors. This incident allowed unauthorized access to data stored within the tool for a duration of less than four hours on the same day.

The compromised data included personal information such as individuals’ names, insurance information, and medical information. However, it is important to note that no Social Security numbers or financial information were involved in the breach. Furthermore, there is no evidence to suggest that the accessed information has been used for identity theft or fraud.

In response to the breach, TGI Direct took several measures to address the situation and prevent future incidents. This included working with third-party cybersecurity specialists to investigate the breach, applying patches provided by Progress Software (the creators of MOVEit) to fix the vulnerabilities, and enhancing their system’s security. TGI Direct has also been proactive in notifying affected individuals and advising them to monitor their account statements and credit reports for any suspicious activity.

For those seeking more information or assistance, TGI Direct has established a dedicated toll-free assistance line and encourages affected individuals to contact them for support[1].

This incident was reported to the U.S. Department of Health and Human Services Office for Civil Rights, indicating that 11,556 individuals were affected by the breach[11][15]. It is part of a larger trend of cybersecurity incidents impacting healthcare and associated service providers, highlighting the ongoing challenges in protecting sensitive personal and health information in the digital age[13].

Citations:

  1. https://www.prnewswire.com/news-releases/tgi-direct-inc-provides-notice-of-data-event-301995262.html
  2. https://dojmt.gov/consumer/databreach/
  3. https://www.qlik.com/us/products/qlik-sense
  4. https://www.tgidirect.com/tgi/About
  5. https://www.indeed.com/cmp/Tgi-Direct/reviews?fcountry=US&floc=Flint%2C+MI
  6. https://edubenchmark.com/course/oet
  7. https://www.tgidirect.com
  8. https://www.tannoy.com
  9. https://www.tgidirect.com/tgi/Capabilities/Data
  10. https://www.theciocircle.com/be-inspired/maria-haight-cio-at-tgi-direct
  11. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  12. https://www.linkedin.com/in/joelchinsky
  13. https://www.hipaajournal.com/november-2023-healthcare-data-breach-report/
  14. https://www.franchisedirect.com/foodfranchises/tgi-fridays-franchise-10116/ufoc/
  15. https://twitter.com/OCRNewBreaches
  16. https://www.itgovernanceusa.com/blog/cybersecurity-and-data-privacy-in-the-usa-january-29-february-4-2024
Breach Submission Date Nov 21, 2023
Converted Entity Name TGI Direct, Inc.
Converted Entity Type Business Associate
State MI
Individuals Affected 16,113
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes