Trinity Health Hit with Class Action Lawsuit

Trinity Health and two other healthcare providers were sued over a March 2023 cyberattack.

By HFT Staff

A class action lawsuit has been filed in the U.S. District Court for the Southern District of Iowa against Trinity Health, Mercy Health Network, and Mercy Medical Center – Clinton over a cyberattack and data breach that affected 21,000 patients. 

Livonia, MI-based Trinity Health, which operates Mercy Health Network and Mercy Medical Center – Clinton in Iowa, discovered a cyberattack on April 4, 2023, the forensic investigation of which confirmed hackers had gained access to systems containing patients’ protected health information on March 7, 2023, and maintained access to those systems until April 7, when its systems were secured. The data exposed and potentially stolen in the attack included names, addresses, birth dates, Social Security numbers, diagnosis codes, treatment information, prescription information and service/discharge. Trinity Health offered affected individuals complimentary credit monitoring services for 12 months. 

On June 12, 2023, a lawsuit was filed on behalf of plaintiff Jennifer Medenblik that alleges the defendants failed to protect the sensitive data of patients and monitor its systems for intrusions, which allowed hackers to gain access to its network and the protected health information of 21,000 patients and remain undetected within its systems for a month. The lawsuit alleges violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, and a failure to follow healthcare industry best practices for protecting sensitive data and Federal Trade Commission (FTC) guidelines. 

Trinity Health notified affected patients about the attack; however, the lawsuit claims those notifications were inadequate, and failed to provide the necessary support. The lawsuit also claims that the defendants have not provided satisfactory assurances to patients that the impacted data has been recovered or deleted nor that adequate cybersecurity measures have been implemented post-data breach to prevent further security breaches in the future. 

The 8-count lawsuit – Medenblik v. Trinity Health Corporation et al, includes allegations of negligence, breach of contract, and breach of confidence, and claims the plaintiff and class members have suffered and are at an imminent, immediate, and continuing increased risk of suffering ascertainable losses. The lawsuit seeks class action status, a jury trial, an award of damages and funds to cover a lifetime of credit monitoring services and identity theft insurance for the plaintiff and class members. 

June 28, 2023

Topic Area: Information Technology

Recent Posts

3 Ways Technology Can Benefit Facilities Teams

By investing in people supported by innovative technology, facilities will be better equipped to meet evolving challenges.

36th Annual Healthcare Facilities Symposium and Expo Held

The show was held in Charlotte, North Carolina.

Florida Hospital Experiences Two Power Outages in Less Than 24 Hours

Facilities management can mitigate potential outages through training and planning. 

Unique Facility Combines Housing and Healthcare

CCC Blackburn Center gives about 3,000 patients per year access to employment services, housing placement, and complementary clinic services.

KnowBe4 Releases Figures Concerning Healthcare Cyberattacks

The U.S. healthcare industry has become a top target for cyberattacks over the past several years.


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.