Cyber Incident Victim: Trillium Community Health Plan
Date:
Jan 2021
Location:
United States of America
Summary
Trillium Community Health Plan experienced a data breach stemming from a third-party cyberattack targeting Accellion’s file transfer service, compromising members’ personal and health information including names, dates of birth, insurance identifiers, and medical details. The organization terminated its relationship with Accellion, removed all data from the vendor’s systems, and notified affected individuals by offering credit monitoring and identity theft restoration services, though the scale of impacted members remained undisclosed. No evidence of data misuse was identified, and the incident did not appear on the threat actors’ leak site at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 25, 2021, Trillium Community Health Plan, a HIPAA-covered entity in Oregon, was notified by Accellion of a cyberattack affecting its file transfer appliance. The breach was part of a broader campaign by the CLOP threat actor group targeting multiple Accellion clients. Trillium confirmed that unauthorized actors exfiltrated member data, including names, dates of birth, insurance identification numbers, and sensitive health information such as medical treatment details. The attack vector exploited vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA), though Trillium did not specify technical details of the compromise. No evidence indicated misuse of the stolen data at the time of disclosure. The organization did not publicly disclose the number of affected members, nor did it confirm whether CLOP issued a ransom demand. As of March 11, 2021, Trillium had not been listed on CLOP’s dedicated leak site, suggesting no further public extortion attempts occurred following the initial breach notification.
Trillium initiated breach response measures on February 26, 2021, mailing notification letters to impacted members. The notifications offered one year of complimentary credit monitoring and identity theft restoration services through a third-party provider. Organizational remediation included terminating its relationship with Accellion and removing all Trillium-owned data from Accellion’s systems. The health plan emphasized operational adjustments to prevent future incidents but did not detail specific security upgrades or system replacements. No disruptions to healthcare services or internal operations were reported in connection with the breach. Regulatory filings with the U.S. Department of Health and Human Services were presumably completed, though the article did not specify submission dates or reference numbers. The incident marked one of multiple healthcare sector breaches linked to the Accellion FTA vulnerabilities during early 2021, highlighting systemic risks associated with third-party file transfer solutions.