LIVONIA, Mich., April 5, 2021 /PRNewswire/ — Trinity Health was recently notified by Accellion, a third-party vendor, of a security incident impacting the large file transfer service. The Accellion File Transfer Appliance is used by Trinity Health and many other companies for large file transfers. Trinity Health provides information technology services for its current and some former member hospitals and health care providers, including email services. Information about Trinity Health and its current and some former locations can be found at. www.trinity-health.org and Location Results (trinity-health.org) and www.virtua.org
On January 29, 2021, Accellion informed Trinity Health of a security issue with its secure file transfer platform. Upon receiving this notice, Trinity Health immediately took the appliance offline and launched an investigation into the issue and its impact on both Trinity Health and our patients and colleagues. This investigation determined that certain files present on the appliance on January 20th were downloaded by an unknown user. The unauthorized user was able to take advantage of a previously unknown and unreported flaw in the security of the Accellion appliance.
Although the investigation is ongoing, on February 4, 2021, Trinity Health determined file(s) were present on the appliance at the time of this event. The files contained certain protected health information, including a combination of demographic, clinical and financial information such as your name, address, email, date of birth, healthcare provider, dates and types of health care services, medical record number, immunization type, lab results, medications, payment, payer name, and claims information. The confidential information of a very small number of impacted individuals included a social security number or credit card number.
Trinity Health takes these matters extremely seriously. When Trinity Health was alerted of the security issue Trinity Health immediately took steps to terminate access and use of the appliance and worked with Accellion to investigate the event. Trinity Health also confirmed the security of its network. Additionally, while Trinity Health goes to great lengths to protect patient and colleague information entrusted to it, as part of its ongoing commitment to the security of information in its care, Trinity Health is further evaluating its data security policies and procedures.
Trinity Health is mailing notice to those whose information may have been contained within the appliance at the time of this event. In that notice, Trinity Health is providing access to credit monitoring as well as guidance on how to protect against identity theft and fraud, should they feel it is necessary to do so. While Trinity Health is unaware of misuse of information, Trinity Health encourages those who may be impacted to remain vigilant against incidents of identity theft and fraud. Trinity Health also established a dedicated call center to assist those who may be impacted by this event. Those who may be impacted can also find additional information at https://www.trinity-health.org/accellion-data-event/
Trinity Health wants to assure those who may be impacted that Trinity Health takes the responsibility to safeguard protected health information very seriously. Trinity Health deeply regret any inconvenience or concern this situation may have caused you. If you have any additional questions or concerns, please do not hesitate to call (855) 935-6070 from 8:00 a.m. – 5:30 p.m. Central Time, Monday – Friday, or email [email protected]
SOURCE Trinity Health