The California Office of the Attorney General disclosed a data breach affecting **Trinity Health** on **April 5, 2021**, stemming from an incident on **January 20, 2021**. The breach resulted from **unauthorized access** to files stored on an **Accellion file transfer appliance**, a third-party vendor system used by the organization. The compromised data included **protected health information (PHI)**, though the exact number of affected individuals remains undisclosed. The exposure of sensitive health records poses risks such as identity theft, fraud, or misuse of medical data, potentially impacting patients’ privacy and trust in the healthcare provider. While Trinity Health took steps to mitigate the breach—including notifying regulatory bodies and likely enhancing security measures—the incident underscores vulnerabilities in third-party vendor systems and the critical need for robust cybersecurity protocols in handling PHI.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-539704
TPRM report: https://www.rankiteo.com/company/trinityhealth
"id": "tri023090625",
"linkid": "trinityhealth",
"type": "Breach",
"date": "1/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Healthcare',
'location': 'United States (Primarily California)',
'name': 'Trinity Health',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized Access (Accellion File Transfer Appliance '
'Vulnerability)',
'data_breach': {'number_of_records_exposed': 'Unknown',
'sensitivity_of_data': 'High (Health Data)',
'type_of_data_compromised': 'Protected Health Information '
'(PHI)'},
'date_detected': '2021-01-20',
'date_publicly_disclosed': '2021-04-05',
'description': 'The California Office of the Attorney General reported a data '
'breach incident involving Trinity Health on April 5, 2021. '
'The breach occurred on January 20, 2021, due to unauthorized '
'access to files on an Accellion file transfer appliance, '
'potentially affecting certain protected health information, '
'though the total number of individuals impacted is unknown.',
'impact': {'data_compromised': ['Protected Health Information (PHI)'],
'systems_affected': ['Accellion File Transfer Appliance']},
'initial_access_broker': {'entry_point': 'Accellion File Transfer Appliance'},
'post_incident_analysis': {'root_causes': 'Vulnerability in Accellion FTA '
'leading to unauthorized access'},
'references': [{'date_accessed': '2021-04-05',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA (Health '
'Insurance Portability and '
'Accountability Act)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Trinity Health Data Breach via Accellion File Transfer Appliance',
'type': 'Data Breach',
'vulnerability_exploited': 'Accellion FTA (File Transfer Appliance) '
'Vulnerability'}