Trinity Health
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Trinity Health Data Breach
Trinity Health, a healthcare organization based in Livonia, Michigan, experienced a significant data breach that affected the personal and medical information of numerous patients. The breach was discovered on April 4, 2023, after a cyberattack that began on March 7, 2023, and continued until April 7, 2023, when the systems were secured[1].
Details of the Breach
The compromised data included sensitive information such as names, addresses, birth dates, Social Security numbers, diagnosis codes, treatment information, prescription details, and service and discharge records[1]. Trinity Health responded by offering affected individuals complimentary credit monitoring services for 12 months[1].
Legal Action
A class action lawsuit was filed against Trinity Health, Mercy Health Network, and Mercy Medical Center – Clinton, with allegations including negligence, breach of contract, and breach of confidence. The lawsuit, filed on behalf of plaintiff Jennifer Medenblik, claims that Trinity Health failed to protect patient data and monitor its systems for intrusions, which allowed hackers to remain undetected within its systems for a month[1][4]. The lawsuit also alleges violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and accuses Trinity Health of not following healthcare industry best practices and Federal Trade Commission (FTC) guidelines[1].
Impact and Response
The breach has raised concerns about cybersecurity in the healthcare sector and the importance of protecting sensitive patient data. Trinity Health has notified affected patients about the attack, but the lawsuit claims that the notifications were inadequate and did not provide the necessary support, nor did they offer satisfactory assurances that the impacted data had been recovered or deleted, or that adequate cybersecurity measures have been implemented post-breach to prevent future incidents[1][7].
Broader Context
This incident is part of a larger pattern of cyberattacks targeting healthcare organizations. In 2021, Trinity Health was also affected by a data breach involving Accellion’s file transfer platform, which impacted 586,869 patients[8][10]. The healthcare industry continues to face challenges in securing patient information against increasingly sophisticated cyber threats.
Citations:
- https://www.hipaajournal.com/21000-record-data-breach-sparks-trinity-health-class-action-lawsuit/
- https://www.mass.gov/doc/assigned-data-breach-number-20084-trinity-health-additional-information/download
- https://www.teiss.co.uk/news/trinity-health-of-new-england-breach-impacts-more-than-45000-patients-11881
- https://www.fiercehealthcare.com/providers/trinity-health-hit-class-action-alleging-inadequate-safeguarding-blame-march-data-breach
- https://pages.bitglass.com/rs/418-ZAL-815/images/CDFY21Q1HealthcareBreachReport2021.pdf
- https://www.jdsupra.com/legalnews/trinity-health-corporation-reports-data-9963776/
- https://www.ifaxapp.com/hipaa/data-breach-class-action-trinity-health/
- https://www.paubox.com/blog/over-half-million-trinity-health-patients-affected-data-breach
- https://www.beckershospitalreview.com/cybersecurity/trinity-health-notifies-patients-of-data-breach.html
- https://healthitsecurity.com/news/586k-trinity-health-patients-added-to-accellion-tally-as-lawsuits-pile-up
- https://medcitynews.com/2021/04/500000-trinity-health-patients-affected-in-widespread-accellion-data-breach/