Skip to Main Content
Click to read notice

Notice of Data Security Incident

September 30, 2022

Trillium Health, Inc. (“Trillium”) is providing notice of a recent incident affecting certain personal information processed by Trillium.  Protection of personal information in Trillium’s systems is very important to Trillium and Trillium takes this incident seriously. This notice provides information on the incident and what we are doing in response.

What Happened?

On or about August 1, 2022, Trillium Health discovered suspicious activity related to a single user’s e-mail account. Once Trillium Health became aware of this activity, an investigation was undertaken that ultimately confirmed that an unknown and unauthorized actor had access to the mailbox for a short period of time on July 26, 2022, and that the unauthorized actor may have acquired some or all of the mailbox contents.

Although Trillium Health is not aware of what personal information may have actually been viewed by the unauthorized person, the incident could have involved health information relating to a small percentage of those receiving services, such as name, date of birth, treatment, medication, diagnosis or provider information.

What Information Was Involved?

Almost exclusively, potentially affected information includes personally identifying health information of a small percentage of those receiving Trillium’s services, such as name, date of birth, treatment, medication, diagnosis or provider information. In the rare few instances where other information may have been affected, such individuals are receiving written notice specifying the subject information.

What We Are Doing

Working with an outside forensics expert, we confirmed the narrow scope of this incident, the security of our e-mail environment and that our systems are not otherwise currently at risk. In order to protect against unauthorized access to electronic mailboxes, Trillium has been working to implement several precautionary measures, including through multi-factor log-on requirements. Trillium has since further prioritized its efforts and has also changed passwords and modified internal e-mail settings and controls to further protect its electronic mail platform.

What You Can Do

If you would like to determine whether you were one of the limited number of individuals affected by this incident, please call 888-301-9837.

It is always a good idea to consider some or all of the below actions to help reduce your risk of identity theft:

  • Remain vigilant, especially over the next 12 months, and review your bank accounts, credit card bills and free credit reports for unauthorized activity. Promptly report any suspected identity theft to your local law enforcement agency, the U.S. Federal Trade Commission, your State Attorney General, your financial institution, and to the Fraud Alert phone line of a consumer reporting agency. You can obtain information about fraud alerts and security freezes by contacting the three national reporting agencies below:
  • Periodically obtain credit reports from each nationwide credit reporting agency and have information relating to fraudulent transactions deleted.
  • Place a fraud alert on your credit file by contacting any of the three credit reporting agencies listed above. A fraud alert temporarily, for a period of 90 days, requires potential creditors to take additional steps to verify your identity before issuing credit in your name.
  • Place a security freeze on your consumer report. A security freeze is designed to prevent credit, loans and services from being approved in your name without your consent. However, a security freeze may delay your ability to obtain credit. Please contact one of the three credit reporting agencies listed above for further information.
  • Request and carefully review your free annual consumer credit report by visiting annualcreditreport.com or by calling 1-877-322-8228.

You can also contact the Federal Trade Commission to obtain information about preventing identity theft and, specifically, setting up fraud alerts and security freezes. The contact information for the Federal Trade Commission is as follows: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, D.C. 20580, ftc.gov, 1-877-382-4357

For more information about how to prevent identity theft, you can also contact the New York Department of State Division of Consumer Protection (New York State Division of Consumer Protection, One Commerce Plaza, 99 Washington Ave., Albany, NY 12231-0001; (518) 474-8583; https://dos.ny.gov/consumer-protection) or the New York State Attorney General (New York State Attorney General’s Office, The Capitol, Albany, NY 12224-0341; (800) 771-7755; (212) 416-8433; and https://ag.ny.gov).

For More Information

If you have questions, please contact 888-301-9837. Additionally, our mailing address is 259 Monroe Avenue, Rochester, NY 14607.

Thank you.