Trinity Health Corp. experienced a data breach in January 2021 due to a vulnerability in the **Accellion File Transfer Appliance**, exposing sensitive patient data. The compromised information included **names, addresses, emails, dates of birth, Social Security numbers, medical records (healthcare providers, services, lab results, medications, immunization types), payment details, credit card information, and claims data**. Approximately **18,153 California residents** were affected, leading to a **$450,000 class-action settlement**. Victims could claim **up to $1,000 for out-of-pocket losses** (e.g., identity theft, credit monitoring, card replacements) and a **pro rata cash payment** (ranging from $11 to $231, depending on claim participation). The breach stemmed from **unauthorized access to patient files**, raising concerns over inadequate data protection measures. While Trinity Health denied liability, the settlement addressed financial and reputational damages, including potential fraud risks for affected individuals.
Source: https://www.claimdepot.com/settlements/trinity-health-class-claim
TPRM report: https://www.rankiteo.com/company/trinityhealth
"id": "tri1002810112025",
"linkid": "trinityhealth",
"type": "Breach",
"date": "1/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '18,153 (California residents)',
'industry': 'Healthcare',
'location': 'United States (California residents '
'primarily affected)',
'name': 'Trinity Health Corp.',
'type': 'Healthcare Provider'}],
'attack_vector': 'Exploitation of vulnerability in Accellion File Transfer '
'Appliance (FTA)',
'customer_advisories': 'Claim filing instructions provided via mail and '
'online (deadline: Jan. 19, 2026)',
'data_breach': {'data_exfiltration': 'Yes (files accessed by unauthorized '
'party)',
'number_of_records_exposed': '18,153 (California residents)',
'personally_identifiable_information': ['Names',
'Addresses',
'Emails',
'Dates of birth',
'Social Security '
'numbers',
'Medical record '
'numbers',
'Credit card '
'information'],
'sensitivity_of_data': 'High (includes SSNs, medical records, '
'and credit card info)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Payment Information']},
'date_detected': '2021-01-20',
'description': 'Trinity Health Corp. experienced a data breach in January '
'2021 due to a vulnerability in the Accellion File Transfer '
'Appliance (FTA). Unauthorized parties accessed sensitive '
'patient data, including names, addresses, Social Security '
'numbers, medical records, and payment information. The breach '
'affected approximately 18,153 California residents, leading '
'to a $450,000 class action settlement. Affected individuals '
'may claim up to $1,000 for out-of-pocket losses and a pro '
'rata cash payment, depending on claim participation rates.',
'impact': {'brand_reputation_impact': 'Negative (class action settlement and '
'public disclosure)',
'customer_complaints': 'Class action lawsuit filed by affected '
'individuals',
'data_compromised': ['Names',
'Addresses',
'Emails',
'Dates of birth',
'Health care providers',
'Dates and types of health care services',
'Medical record numbers',
'Immunization types',
'Lab results',
'Medications',
'Payments, payer names, and claims '
'information',
'Social Security numbers',
'Credit card information'],
'financial_loss': '$450,000 (settlement fund)',
'identity_theft_risk': 'High (SSNs, credit card info, and medical '
'data exposed)',
'legal_liabilities': "$450,000 settlement (including attorneys' "
'fees, administration costs, and class member '
'payments)',
'payment_information_risk': 'High (credit card information and '
'payment details compromised)',
'systems_affected': ['Accellion File Transfer Appliance (FTA)']},
'initial_access_broker': {'entry_point': 'Accellion File Transfer Appliance '
'(FTA)',
'high_value_targets': ['Patient data',
'Payment information']},
'investigation_status': 'Settled (class action lawsuit resolved)',
'motivation': ['Financial Gain', 'Data Theft'],
'post_incident_analysis': {'root_causes': 'Failure to adequately safeguard '
'Accellion FTA (vulnerability '
'exploitation)'},
'ransomware': {'data_exfiltration': 'Yes (via Accellion FTA exploitation)'},
'references': [{'source': 'Class Action Settlement Notice (Jane Doe v. '
'Trinity Health Corp.)'},
{'source': 'Kroll Settlement Administration LLC'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit settled for '
'$450,000'},
'response': {'communication_strategy': 'Direct mail notices to affected '
'California residents'},
'stakeholder_advisories': 'Direct mail notices to affected individuals',
'threat_actor': 'Unauthorized party (unknown specific actor)',
'title': 'Trinity Health Data Breach via Accellion File Transfer Appliance '
'(January 2021)',
'type': ['Data Breach', 'Class Action Settlement'],
'vulnerability_exploited': 'Accellion FTA (specific CVE not mentioned)'}