Livonia, Mich.-based Trinity Health is notifying patients that their protected health information was recently accessed and downloaded by an unauthorized user, according to an April 5 news release.
Five details:
1. The incident is part of a larger, nationwide hack on Accellion, a data file transfer services provider, from January 2021. Healthcare insurer Centene, Kroger pharmacy and Stanford Medicine also reported being affected by the breach.
2. Accellion informed Trinity Health of a security issue with its file transfer platform on Jan. 29. After investigating the incident, Trinity Health determined that certain files present on the platform were downloaded by an unknown user on Jan. 20.
3. The unauthorized user was able to take advantage of a previously unknown and unreported flaw in the security of Accellion's appliance.
4. Trinity Health said files containing its patients' protected health information, including names, birthdates, medical record numbers, lab results and payer names were exposed by the incident. The health system said Social Security numbers and credit card numbers were also exposed for a "very small number" of individuals, according to the news release.
5. Trinity Health is providing free credit monitoring and identity theft resources for individuals affected by the breach. The health system also said it is evaluating its data security policies and procedures.