Notice of Data Security Incident
September 30, 2022
Trillium Health, Inc. (“Trillium”) is providing notice of a recent incident affecting certain personal information processed by Trillium. Protection of personal information in Trillium’s systems is very important to Trillium and Trillium takes this incident seriously. This notice provides information on the incident and what we are doing in response.
What Happened?
On or about August 1, 2022, Trillium Health discovered suspicious activity related to a single user’s e-mail account. Once Trillium Health became aware of this activity, an investigation was undertaken that ultimately confirmed that an unknown and unauthorized actor had access to the mailbox for a short period of time on July 26, 2022, and that the unauthorized actor may have acquired some or all of the mailbox contents.
Although Trillium Health is not aware of what personal information may have actually been viewed by the unauthorized person, the incident could have involved health information relating to a small percentage of those receiving services, such as name, date of birth, treatment, medication, diagnosis or provider information.
What Information Was Involved?
Almost exclusively, potentially affected information includes personally identifying health information of a small percentage of those receiving Trillium’s services, such as name, date of birth, treatment, medication, diagnosis or provider information. In the rare few instances where other information may have been affected, such individuals are receiving written notice specifying the subject information.
What We Are Doing
Working with an outside forensics expert, we confirmed the narrow scope of this incident, the security of our e-mail environment and that our systems are not otherwise currently at risk. In order to protect against unauthorized access to electronic mailboxes, Trillium has been working to implement several precautionary measures, including through multi-factor log-on requirements. Trillium has since further prioritized its efforts and has also changed passwords and modified internal e-mail settings and controls to further protect its electronic mail platform.
What You Can Do
If you would like to determine whether you were one of the limited number of individuals affected by this incident, please call 888-301-9837.
It is always a good idea to consider some or all of the below actions to help reduce your risk of identity theft:
You can also contact the Federal Trade Commission to obtain information about preventing identity theft and, specifically, setting up fraud alerts and security freezes. The contact information for the Federal Trade Commission is as follows: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, D.C. 20580, ftc.gov, 1-877-382-4357.
For more information about how to prevent identity theft, you can also contact the New York Department of State Division of Consumer Protection (New York State Division of Consumer Protection, One Commerce Plaza, 99 Washington Ave., Albany, NY 12231-0001; (518) 474-8583; https://dos.ny.gov/consumer-protection) or the New York State Attorney General (New York State Attorney General’s Office, The Capitol, Albany, NY 12224-0341; (800) 771-7755; (212) 416-8433; and https://ag.ny.gov).
For More Information
If you have questions, please contact 888-301-9837. Additionally, our mailing address is 259 Monroe Avenue, Rochester, NY 14607.
Thank you.