Recently, TridentCare confirmed that the company experienced a data breach after an unauthorized party broke into one of the company’s offices and stole certain equipment, including hard drives. According to TridentCare, the breach resulted in the names, dates of birth and Social Security numbers of affected patients being compromised. On June 16, 2022, TridentCare filed official notice of the breach and sent out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the TridentCare data breach, please see our recent piece on the topic here.
What We Know About the TridentCare Data Breach
According to the notice posted on the company’s website, on April 17, 2022, a group of unauthorized individuals broke into one of TridentCare’s offices, removing multiple hard drives and other equipment from the facility. In response, TridentCare notified law enforcement and then engaged the assistance of cybersecurity and data recovery professionals to investigate the incident as well as its impact on the company’s patients.
The results of the investigation confirmed that there was patient data contained on the hard drives. However, the investigative team believes, although it cannot confirm, that the data was corrupted and, thus, inaccessible. If the data was not corrupted, TridentCare notes that “it would have required certain technical capabilities to access the data.”
However, upon discovering that sensitive consumer data was potentially accessible to an unauthorized party, TridentCare reviewed the data contained on the hard drives to determine exactly what information was compromised and who was affected. While the breached information varies depending on the individual, it may include your name, date of birth and Social Security number.
On June 16, 2022, TridentCare sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
TridentCare is a mobile healthcare provider based in Sparks, Maryland. The company provides a range of mobile health services, including oxygen delivery, digital x-rays, ultrasound and EKGs, phlebotomy, infection control and home care. TridentCare also provides mobile imaging support to practices that lack the ability to do so in-house. Based on the company’s most recent data, it performs over 2 million imaging procedures in 43 states. TridentCare employs more than 1,500 people and generates approximately $220 million in annual revenue.
The Types of Data Breaches
Data breaches are not a new concept. In 2022, most data breaches involve criminals surreptitiously hacking into a company’s computer network. These attacks typically involve malware, ransomware, email phishing attacks, or any combination of these.
However, that was not always the case; prior to the internet, data was stored on hard drives, which were usually stored securely. In this way, the TridentCare data breach is reminiscent of the “old school” data breaches because it didn’t involve a breach of the company’s computer network but a physical breach of an office.
While the TridentCare breach is different from many of the other data breaches making headlines these days, when it comes to determining whether the company is liable, the analysis is the same: the question is whether TridentCare was negligent in how it stored the information.
Of course, it’s natural to assume that, because the breach was the result of a third party’s criminal actions, TridentCare cannot be held liable. However, every data breach involves some element of criminal activity. Thus, the question is more nuanced. For example, the following questions may influence the ultimate question of whether TridentCare can be held liable for the breach:
Was the patient data contained on the hard drives encrypted?
Were the hard drives stored in a secure location within the facility?
Did TridentCare employees properly lock up the office before leaving for the day?
It’s too soon to tell if TridentCare bears any responsibility for the breach; however, data breach lawyers are looking into the incident to determine whether affected parties have a claim against the company.