Trillium Community Health Plan

Trillium Community Health Plan, also known simply as Trillium Community Health Plan, is a health organization headquartered in the United States. It provides health insurance coverage to members, as indicated by the personal and health information it maintains, including names, dates of birth, insurance identifiers, and medical details. The organization serves individuals enrolled in its health plans, handling sensitive data related to their healthcare and insurance. Its core function involves managing member information and administering benefits.

In January 2021, Trillium Community Health Plan experienced a data breach that originated from a third‑party cyberattack on Accellion’s file transfer service. The breach exposed members’ personal and health information, though the exact number of affected individuals was not disclosed publicly. Upon discovering the incident, the organization terminated its relationship with Accellion, removed all data from the vendor’s systems, and began notifying affected members. As part of its response, Trillium offered credit monitoring and identity theft restoration services to those impacted.

The incident was part of a broader wave of attacks exploiting vulnerabilities in Accellion’s legacy file transfer application, which affected numerous organizations across sectors such as healthcare, education, legal services, and multinational corporations. Threat actors identified as CLOP used the stolen data to extort ransom payments, threatening to leak information if demands were not met. While some victim organizations disclosed the scale of their exposures, Trillium did not reveal how many of its members were compromised. No evidence of misuse of the stolen data was found, and the breach did not appear on the attackers’ leak site at the time of reporting.

Beyond the specific breach, the organization operates within the regulated health insurance industry, requiring compliance with federal and state privacy standards such as HIPAA. Its handling of protected health information necessitates robust security measures and breach notification protocols. The decision to cut ties with Accellion and to provide remediation services reflects its adherence to breach response obligations. These actions demonstrate the organization’s focus on safeguarding member data and mitigating harm following a security incident.

Trillium Community Health Plan’s headquarters are located in the United States, though no further details about its corporate structure, ownership, or parent‑subsidiary relationships are provided in the available sources. The organization’s public disclosures concerning the Accellion incident remain the primary source of verified information about its operations and security posture. Consequently, any description of its size, market reach, or additional services must be omitted due to lack of explicit data.