Trinity Health Hit with Class Action Lawsuit

Trinity Health and two other healthcare providers were sued over a March 2023 cyberattack.

By HFT Staff

A class action lawsuit has been filed in the U.S. District Court for the Southern District of Iowa against Trinity Health, Mercy Health Network, and Mercy Medical Center – Clinton over a cyberattack and data breach that affected 21,000 patients. 

Livonia, MI-based Trinity Health, which operates Mercy Health Network and Mercy Medical Center – Clinton in Iowa, discovered a cyberattack on April 4, 2023, the forensic investigation of which confirmed hackers had gained access to systems containing patients’ protected health information on March 7, 2023, and maintained access to those systems until April 7, when its systems were secured. The data exposed and potentially stolen in the attack included names, addresses, birth dates, Social Security numbers, diagnosis codes, treatment information, prescription information and service/discharge. Trinity Health offered affected individuals complimentary credit monitoring services for 12 months. 

On June 12, 2023, a lawsuit was filed on behalf of plaintiff Jennifer Medenblik that alleges the defendants failed to protect the sensitive data of patients and monitor its systems for intrusions, which allowed hackers to gain access to its network and the protected health information of 21,000 patients and remain undetected within its systems for a month. The lawsuit alleges violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, and a failure to follow healthcare industry best practices for protecting sensitive data and Federal Trade Commission (FTC) guidelines. 

Trinity Health notified affected patients about the attack; however, the lawsuit claims those notifications were inadequate, and failed to provide the necessary support. The lawsuit also claims that the defendants have not provided satisfactory assurances to patients that the impacted data has been recovered or deleted nor that adequate cybersecurity measures have been implemented post-data breach to prevent further security breaches in the future. 

The 8-count lawsuit – Medenblik v. Trinity Health Corporation et al, includes allegations of negligence, breach of contract, and breach of confidence, and claims the plaintiff and class members have suffered and are at an imminent, immediate, and continuing increased risk of suffering ascertainable losses. The lawsuit seeks class action status, a jury trial, an award of damages and funds to cover a lifetime of credit monitoring services and identity theft insurance for the plaintiff and class members. 

June 28, 2023

Topic Area: Information Technology

Recent Posts

From Rocks to Sinkholes: Geological Challenges at Construction Site

Unique approaches were needed to construct Morristown-Hamblen West Facility.

When Should Healthcare Facilities Maintenance Their Doors?

Door manufacturers discuss when to maintain doors in healthcare facilities.

Geisinger Medical Center Expansion Project Announced

The $880 million project is slated to be complete and open in 2028.

Palomar Health Medical Group Experiences Data Breach

Currently, PHMG cannot determine the specific individuals and information that may have been impacted by the incident.

Workplace Violence: Report Confirms Growing Concerns 

‘One in five healthcare workers feel unsafe at work.’


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.