TriCity Family Services: Tricity Family Services Data Breach Lawsuit Investigation

TriCity Family Services Hit by Ransomware Attack, Exposing Sensitive Data of 2,511 Individuals

TriCity Family Services, a nonprofit mental health care provider based in Geneva, Illinois, suffered a ransomware attack that compromised the sensitive personal and health information of 2,511 individuals. The breach, detected in spring 2025, involved unauthorized access to the organization’s systems between November 11, 2024, and May 14, 2025.

The attack was claimed by the ransomware group INC RANSOM, which posted details of the hack on the Tor network. A third-party cybersecurity forensics firm was brought in to investigate, confirming that an unauthorized actor accessed and exfiltrated files containing personally identifiable information (PII) and protected health information (PHI).

TriCity reported the incident to the U.S. Department of Health and Human Services (HHS) on December 8, 2025. The exposed data included names, dates of birth, presenting problems, requested treatments, treatment locations, and provider names though electronic medical records were not affected.

Affected individuals have been advised to monitor financial accounts, review credit reports, and check insurance statements for suspicious activity. TriCity has set up a dedicated call center (888-360-9994) for inquiries, operating Monday through Friday from 9 a.m. to 9 p.m. ET.

Legal firms are now investigating potential compensation claims for those impacted by the breach.

Source: https://www.claimdepot.com/investigations/tricity-family-services-data-breach-2026

TriCity Family Services (TCFS) cybersecurity rating report: https://www.rankiteo.com/company/tricity-family-services-tcfs

"id": "TRI1769095767",
"linkid": "tricity-family-services-tcfs",
"type": "Ransomware",
"date": "11/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '2,511',
                        'industry': 'Healthcare (Mental Health Services)',
                        'location': 'Geneva, Illinois, USA',
                        'name': 'TriCity Family Services',
                        'type': 'Nonprofit'}],
 'customer_advisories': 'Affected individuals advised to monitor financial '
                        'accounts, review credit reports, and check insurance '
                        'statements for suspicious activity. Dedicated call '
                        'center established for inquiries.',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '2,511',
                 'personally_identifiable_information': ['Names',
                                                         'Dates of birth',
                                                         'Presenting problems',
                                                         'Requested treatments',
                                                         'Treatment locations',
                                                         'Provider names'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally identifiable '
                                              'information (PII)',
                                              'Protected health information '
                                              '(PHI)']},
 'date_detected': '2025-05-14',
 'description': 'TriCity Family Services, a nonprofit mental health care '
                'provider based in Geneva, Illinois, suffered a ransomware '
                'attack that compromised the sensitive personal and health '
                'information of 2,511 individuals. The breach involved '
                'unauthorized access to the organization’s systems between '
                'November 11, 2024, and May 14, 2025, with data exfiltration '
                'confirmed by a third-party cybersecurity forensics firm.',
 'impact': {'data_compromised': 'Personally identifiable information (PII) and '
                                'protected health information (PHI) of 2,511 '
                                'individuals',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential compensation claims under '
                                 'investigation'},
 'investigation_status': 'Ongoing',
 'ransomware': {'data_exfiltration': 'Yes'},
 'recommendations': 'Affected individuals advised to monitor financial '
                    'accounts, review credit reports, and check insurance '
                    'statements for suspicious activity',
 'references': [{'source': 'INC RANSOM (Tor network)'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': ['U.S. Department of '
                                                        'Health and Human '
                                                        'Services (HHS) '
                                                        'notified on December '
                                                        '8, 2025']},
 'response': {'communication_strategy': 'Dedicated call center (888-360-9994) '
                                        'for inquiries, operating Monday '
                                        'through Friday from 9 a.m. to 9 p.m. '
                                        'ET',
              'third_party_assistance': 'Third-party cybersecurity forensics '
                                        'firm'},
 'threat_actor': 'INC RANSOM',
 'title': 'TriCity Family Services Ransomware Attack',
 'type': 'Ransomware'}

TriCity Family Services: Tricity Family Services Data Breach Lawsuit Investigation

Asurion, npm and GitHub: Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Perforce: Misconfigured Perforce servers remain widespread, threaten sensitive data exposure

Saint Anthony Hospital and Southern Illinois Dermatology: Almost 600K reportedly impacted by separate US healthcare breaches