Trinity Health

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Trinity Health Data Breach

Trinity Health, a healthcare organization based in Livonia, Michigan, experienced a significant data breach that affected the personal and medical information of numerous patients. The breach was discovered on April 4, 2023, after a cyberattack that began on March 7, 2023, and continued until April 7, 2023, when the systems were secured[1].

Details of the Breach

The compromised data included sensitive information such as names, addresses, birth dates, Social Security numbers, diagnosis codes, treatment information, prescription details, and service and discharge records[1]. Trinity Health responded by offering affected individuals complimentary credit monitoring services for 12 months[1].

Legal Action

A class action lawsuit was filed against Trinity Health, Mercy Health Network, and Mercy Medical Center – Clinton, with allegations including negligence, breach of contract, and breach of confidence. The lawsuit, filed on behalf of plaintiff Jennifer Medenblik, claims that Trinity Health failed to protect patient data and monitor its systems for intrusions, which allowed hackers to remain undetected within its systems for a month[1][4]. The lawsuit also alleges violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and accuses Trinity Health of not following healthcare industry best practices and Federal Trade Commission (FTC) guidelines[1].

Impact and Response

The breach has raised concerns about cybersecurity in the healthcare sector and the importance of protecting sensitive patient data. Trinity Health has notified affected patients about the attack, but the lawsuit claims that the notifications were inadequate and did not provide the necessary support, nor did they offer satisfactory assurances that the impacted data had been recovered or deleted, or that adequate cybersecurity measures have been implemented post-breach to prevent future incidents[1][7].

Broader Context

This incident is part of a larger pattern of cyberattacks targeting healthcare organizations. In 2021, Trinity Health was also affected by a data breach involving Accellion’s file transfer platform, which impacted 586,869 patients[8][10]. The healthcare industry continues to face challenges in securing patient information against increasingly sophisticated cyber threats.

Citations:

  1. https://www.hipaajournal.com/21000-record-data-breach-sparks-trinity-health-class-action-lawsuit/
  2. https://www.mass.gov/doc/assigned-data-breach-number-20084-trinity-health-additional-information/download
  3. https://www.teiss.co.uk/news/trinity-health-of-new-england-breach-impacts-more-than-45000-patients-11881
  4. https://www.fiercehealthcare.com/providers/trinity-health-hit-class-action-alleging-inadequate-safeguarding-blame-march-data-breach
  5. https://pages.bitglass.com/rs/418-ZAL-815/images/CDFY21Q1HealthcareBreachReport2021.pdf
  6. https://www.jdsupra.com/legalnews/trinity-health-corporation-reports-data-9963776/
  7. https://www.ifaxapp.com/hipaa/data-breach-class-action-trinity-health/
  8. https://www.paubox.com/blog/over-half-million-trinity-health-patients-affected-data-breach
  9. https://www.beckershospitalreview.com/cybersecurity/trinity-health-notifies-patients-of-data-breach.html
  10. https://healthitsecurity.com/news/586k-trinity-health-patients-added-to-accellion-tally-as-lawsuits-pile-up
  11. https://medcitynews.com/2021/04/500000-trinity-health-patients-affected-in-widespread-accellion-data-breach/
Breach Submission Date Aug 29, 2022
Converted Entity Name Trinity Health
Converted Entity Type Business Associate
State MI
Individuals Affected 5,738
Breach Type Unauthorized Access/Disclosure

Breach Information Location Network Server

Business Associate Present Yes