Cyber Incident Victim: Trinity Health

On December 16, 2022, an unauthorized party gained access to a Trinity Health Corporation employee email account, maintaining access until December 18, 2022. Trinity Health, a Michigan-based healthcare services provider operating facilities across 26 states, detected suspicious activity in the compromised account on January 5, 2023. The organization immediately initiated an investigation to determine the nature and scope of the incident. Forensic analysis confirmed the unauthorized access window and revealed that sensitive patient information stored within the email account had been potentially exposed. The breach impacted tens of thousands of individuals whose data was accessible through the compromised email system. Trinity Health conducted a comprehensive review of the affected files between January and March 2023 to identify precisely which consumers were involved and what specific data elements were at risk.

The compromised information included protected health information such as patient names, physical addresses, telephone numbers, email addresses, prescription details, medical record numbers, patient identification numbers, and dates of birth. Trinity Health Corporation formally reported the breach to the Massachusetts Attorney General on March 9, 2023, and began mailing notification letters to affected individuals the same day. As a provider of IT and billing services to member hospitals and healthcare providers, the incident exposed vulnerabilities in Trinity's email systems that could affect patients across its network of 17 clinic networks, 135 senior care centers, and 136 urgent care facilities. The breach notification did not specify the exact number of affected patients beyond referencing "tens of thousands" nor did it disclose whether the compromised email account lacked multi-factor authentication or other security controls. No evidence of actual misuse of stolen data was reported at the time of notification.