TriMed Inc. Discloses Ransomware Attack Exposing Patient and Medical Data
TriMed Inc., a California-based medical device company specializing in orthopedic implants, reported a data breach that may have compromised personal and medical information of certain individuals. The breach was discovered on January 23, 2026, following an investigation into suspicious activity detected in late 2025.
The ransomware group LYNX claimed responsibility for the attack on October 2, 2025, posting on the Tor dark web network that it had exfiltrated data from the company. TriMed confirmed unauthorized access to files occurred between September 13 and September 21, 2025, though the full scope of the exposure was only determined months later.
The exposed data included names, dates of birth, medical record numbers, and details about orthopedic implant parts such as device types, installation components, and ordering surgeon information. Notably, Social Security numbers, bank account details, and credit card data were not compromised.
TriMed began notifying affected individuals on March 27, 2026, via written notices and a public statement on its website. The breach was also reported to the Maine Attorney General, with at least two Maine residents confirmed as impacted.
In response, TriMed is offering affected individuals a complimentary 24-month membership to Experian IdentityWorks, including credit monitoring, identity restoration support, and $1 million in identity theft insurance. Enrollment is available until July 31, 2026, using a code provided in notification letters. A dedicated call center (844-558-4660) has been established for inquiries, operating through late June 2026.
The incident highlights the ongoing risks of ransomware attacks targeting healthcare and medical device manufacturers, where sensitive patient data remains a high-value target.
Source: https://www.claimdepot.com/data-breach/trimed-2026
TriMed cybersecurity rating report: https://www.rankiteo.com/company/trimed
"id": "TRI1774902839",
"linkid": "trimed",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least two Maine residents '
'confirmed; full scope not '
'specified',
'industry': 'Healthcare / Medical Devices',
'location': 'California, USA',
'name': 'TriMed Inc.',
'type': 'Medical Device Company'}],
'customer_advisories': 'Written notices sent to affected individuals, public '
'statement on website, and dedicated call center for '
'inquiries.',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': ['Names',
'Dates of birth',
'Medical record '
'numbers'],
'sensitivity_of_data': 'High (patient and medical data)',
'type_of_data_compromised': ['Personal information',
'Medical information']},
'date_detected': '2025-12-31',
'date_publicly_disclosed': '2026-03-27',
'description': 'TriMed Inc., a California-based medical device company '
'specializing in orthopedic implants, reported a data breach '
'that may have compromised personal and medical information of '
'certain individuals. The ransomware group LYNX claimed '
'responsibility for the attack, which involved unauthorized '
'access to files containing sensitive patient and medical '
'data.',
'impact': {'brand_reputation_impact': 'Likely negative impact due to data '
'breach disclosure',
'data_compromised': 'Personal and medical information, including '
'names, dates of birth, medical record '
'numbers, and orthopedic implant details',
'identity_theft_risk': 'Elevated due to exposure of personal and '
'medical data',
'payment_information_risk': 'None (Social Security numbers, bank '
'account details, and credit card data '
'were not compromised)'},
'investigation_status': 'Ongoing (as of March 2026)',
'lessons_learned': 'Highlights ongoing risks of ransomware attacks targeting '
'healthcare and medical device manufacturers, where '
'sensitive patient data remains a high-value target.',
'motivation': 'Data exfiltration and ransom demand',
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'LYNX'},
'references': [{'date_accessed': '2026-03-27',
'source': 'TriMed Inc. public statement'},
{'date_accessed': '2025-10-02',
'source': 'LYNX dark web post',
'url': 'Tor network (not publicly accessible)'},
{'source': 'Maine Attorney General breach report'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
'General']},
'response': {'communication_strategy': 'Written notices to affected '
'individuals, public statement on '
'website, dedicated call center '
'(844-558-4660)',
'third_party_assistance': 'Experian IdentityWorks (credit '
'monitoring and identity restoration '
'support)'},
'threat_actor': 'LYNX',
'title': 'TriMed Inc. Discloses Ransomware Attack Exposing Patient and '
'Medical Data',
'type': 'Ransomware'}