fbpx

Trinity Health Patient Info Exposed Via Accellion FTP Class Action

This class action brings suit against Trinity Health Corporation for its failure to safeguard patient information. At its heart is the File Transfer Appliance (FTA) provided by vendor Accellion, used for the transfer of large files. Cybercriminals were able to exploit weaknesses in the FTA and download personal and protected health information belonging to Trinity’s patients.

The class for this action is all persons to whom Trinity sent a notification letter of a data security incident that occurred on January 20, 2021, a sample of which is attached to this complaint as Exhibit A.

This case was originally filed in the California courts, with the complaint making frequent reference to California’s Confidentiality of Medical Information Act (CMIA, or “the Act”), as well as to the Security Notification Laws. HIPAA, and other provisions of California codes.

The complaint says in its Introduction that, under the Act, people “have the right to expect that the confidentiality of their medical information in possession of [Trinity] or derived from [Trinity] to be reasonably preserved and protected from unauthorized access, viewing, exfiltration, theft, and disclosure.”

However, unauthorized persons were able to get into the FTA and access the personally identifying information (PII) and medical information.

The plaintiff in this case, who is identified only as Jane Doe, received a form letter from Trinity’s “privacy official” telling her about “an incident that may impact the privacy of certain confidential information related to the patient. Trinity Health was recently notified by Accellion, a third-party vendor, of a security incident.” This was the breach of the FTA.

Accellion informed Trinity on January 29, 2021, after which, the notice says, Trinity “launched an investigation into the issue and its impact on both Trinity Health and our patients and colleagues. The investigation determined that certain files present on the appliance on January 20 were downloaded by an unknown user[.]”

Among the information compromised were names and addresses, dates of birth, dates and types of healthcare services rendered, lab results, medications, payment information, and claims information.

The complaint alleges that Trinity, in searching for a vendor, had the duty to inquire about many aspects of Accellion, including security measures and past incident experience, to ensure that Accellion was capable of protecting Trinity’s patient information.

The complaint also claims, “on information and belief that for the last three years, [Accellion] encouraged [Trinity] to migrate from Accellion FTA, a 20[-]year[-]old product nearing end-of[-]life, to its flagship enterprise content firewall platform, kiteworks … and [Trinity] negligently failed to do so…” which led to the theft of the personal and medical information.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Trinity Health Patient Info Exposed Via Accellion FTP Complaint

July 23, 2021

This class action brings suit against Trinity Health Corporation for its failure to safeguard patient information. At its heart is the File Transfer Appliance (FTA) provided by vendor Accellion, used for the transfer of large files. Cybercriminals were able to exploit weaknesses in the FTA and download personal and protected health information belonging to Trinity’s patients.

Trinity Health Patient Info Exposed Via Accellion FTP Complaint

Case Event History

Trinity Health Patient Info Exposed Via Accellion FTP Complaint

July 23, 2021

This class action brings suit against Trinity Health Corporation for its failure to safeguard patient information. At its heart is the File Transfer Appliance (FTA) provided by vendor Accellion, used for the transfer of large files. Cybercriminals were able to exploit weaknesses in the FTA and download personal and protected health information belonging to Trinity’s patients.

Trinity Health Patient Info Exposed Via Accellion FTP Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy