Posted On March 16, 2023 Consumer Privacy & Data Breaches
March 15, 2023 – The Massachusetts Attorney General received notification of a data breach from Trinity Health Corporation on March 9, 2023, after it was discovered that a data security incident had exposed the private information of tens of thousands of patients. An unauthorized party was able to access consumers’ names, phone numbers, addresses, email addresses, dates of birth, patient ID numbers, prescription information, and protected health information as a result of the event, according to the company’s formal filing. Once it was established that customer data had been compromised, Trinity started notifying everyone who had been affected by the recent data security incident.
The data breach at Trinity Health Corporation is being looked into by the data breach lawyers at Console & Associates, P.C. We are providing free consultations where we can go over your legal options if you have received a breach notice and are curious about what you can do to protect yourself and if you are able to get financial confirmation from Trinity.
A provider of medical services, Trinity Health Corporation offers email and other information technology and billing services to its member institutions and healthcare organizations. Trinity Health is headquartered in Livonia, Michigan, and has locations in 26 states, including 135 senior care centers, 17 integrated clinic networks, and 136 urgent care centers. More than 123,000 individuals work for Trinity Health, which has an annual revenue of around $21 billion.
According to the company’s report to the Massachusetts Attorney General, on January 5, 2023, Trinity found suspicious activity in a worker’s email account. In response, Trinity launched an inquiry into the incident, which revealed that between December 16, 2022, and December 18, 2022, a company email account was accessed by an unauthorized party.
After learning that an unauthorized party might have accessed private consumer information, Trinity Health started to examine the affected files to ascertain what data was stolen and which customers were impacted. Your name, phone number, address, email address, date of birth, patient ID number, prescription details, and protected health information may all have been compromised, though that may vary by individual.
On January 5, 2022, Trinity sent data breach notification letters to all individuals whose information had been compromised in the cyberattack.
Your confidential information, including protected health information, may have been compromised if Trinity Health notifies you of a data breach. However, what can be done with your secured health information?
According to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), only specific material is regarded as protected. Names, pertinent dates such as birth dates, medical record numbers, account numbers, addresses, Social Security numbers, and many more IDs totaling 18 identifiers make up some of the information that is regarded as protected.
Hackers can use the listed information for a variety of purposes or even offer it to third parties on the dark web for their own gain. Receiving medical treatment using your information is one such instance of medical identity theft. It may also tamper with information in your medical records, such as information on diagnoses and medications, leaving you with unpaid medical expenses.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Trinity Health Corporation data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent to affected individuals:
You are receiving this letter because the patient listed above received services from a hospital or health care provider that is a current or former member of Trinity Health. The purpose of this letter is to notify you of an incident that may impact the privacy of certain confidential information related to the patient.
Trinity Health provides information technology and billing services for its member hospitals and health care providers, including email services. Trinity Health, on behalf of Trinity Health Of New England, writes to notify you of an incident that may impact the privacy of certain information provided to us. We take this incident seriously and are providing you information about the incident, our response, and steps you can take to protect your information.
What Happened? On January 5, 2023, we learned of unusual activity in an employee’s email account and immediately began an investigation. The investigation determined there was unauthorized access to the email account between December 16, 2022 and December 18, 2022. Therefore, we conducted a review of the contents of the account to determine the type of information contained in the email account.
What Information Is Involved? On February 14, 2023, we completed our review and determined the types of information that had the potential to be exposed in the email account included your name and may have included some of the following data elements: medical record number/patient ID number, encounter number, location of service, provider name and specialty, procedure name, insurance name/type, billing balance, and date of birth. For a very limited number of patients, the information may also have included address, phone number, email address, and prescription information.
What We Are Doing. In response to this incident, we changed the email account password and reviewed our policies and procedures related to data protection. We believe the risk of any potential misuse, including identity theft with this information, is low.
What You Can Do. As an additional precautionary measure, we are providing you information about resources available to you in the enclosed Steps You Can Take to Protect Your Information.
For More Information. We deeply regret any inconvenience or concern this incident may have caused you. Although we believe there is a low potential for misuse of this information, if you would like the additional support of 12 months of complimentary credit monitoring, please contact our dedicated assistance line to enroll.
Additionally, if you have questions, you may contact our dedicated assistance line at 1-833-753-4764, Monday through Friday from 9 a.m. to 9 p.m. ET (excluding major U.S. holidays).