Trinity Health Hit with Class Action Lawsuit

Trinity Health and two other healthcare providers were sued over a March 2023 cyberattack.

By HFT Staff


A class action lawsuit has been filed in the U.S. District Court for the Southern District of Iowa against Trinity Health, Mercy Health Network, and Mercy Medical Center – Clinton over a cyberattack and data breach that affected 21,000 patients. 

Livonia, MI-based Trinity Health, which operates Mercy Health Network and Mercy Medical Center – Clinton in Iowa, discovered a cyberattack on April 4, 2023, the forensic investigation of which confirmed hackers had gained access to systems containing patients’ protected health information on March 7, 2023, and maintained access to those systems until April 7, when its systems were secured. The data exposed and potentially stolen in the attack included names, addresses, birth dates, Social Security numbers, diagnosis codes, treatment information, prescription information and service/discharge. Trinity Health offered affected individuals complimentary credit monitoring services for 12 months. 

On June 12, 2023, a lawsuit was filed on behalf of plaintiff Jennifer Medenblik that alleges the defendants failed to protect the sensitive data of patients and monitor its systems for intrusions, which allowed hackers to gain access to its network and the protected health information of 21,000 patients and remain undetected within its systems for a month. The lawsuit alleges violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, and a failure to follow healthcare industry best practices for protecting sensitive data and Federal Trade Commission (FTC) guidelines. 

Trinity Health notified affected patients about the attack; however, the lawsuit claims those notifications were inadequate, and failed to provide the necessary support. The lawsuit also claims that the defendants have not provided satisfactory assurances to patients that the impacted data has been recovered or deleted nor that adequate cybersecurity measures have been implemented post-data breach to prevent further security breaches in the future. 

The 8-count lawsuit – Medenblik v. Trinity Health Corporation et al, includes allegations of negligence, breach of contract, and breach of confidence, and claims the plaintiff and class members have suffered and are at an imminent, immediate, and continuing increased risk of suffering ascertainable losses. The lawsuit seeks class action status, a jury trial, an award of damages and funds to cover a lifetime of credit monitoring services and identity theft insurance for the plaintiff and class members. 



June 28, 2023


Topic Area: Information Technology


Recent Posts

Disinfectant Dispensers in Healthcare Facilities Often Fail to Deliver Safe Concentrations: Study

Study of 10 hospitals finds 90 percent have at least one dispenser delivering disinfectants at incorrect concentrations.


Duke University Health System Receives $50 Million for Proton Beam Therapy Center

The donation is the largest philanthropic gift received by Duke University Health System.


UT Southwestern Experiences Data Breach Through Calendar Tool

The incident occurred in October.


Protecting Patient Data: Strategies and Tactics

As cyber threats and breaches grow, healthcare organizations and facilities need a better approach to cybersecurity.


Duke Health to Acquire Lake Norman Regional Medical Center

The closing is projected for the first quarter of 2025.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.