Skip to main content
Over a doctor’s shoulder we see a spreadsheet of medical data on a vulnerable hospital computer.

TriHealth Physician Partners Data Breach Investigation

Written by Joseph Lyon on . Posted in Uncategorized.

The Data Breach Lawyers at The Lyon Firm are investigating a potentially large patient impact following an alleged data security incident at TriHealth Physician Partners. The data theft incident was officially announced by the Cincinnati, Ohio, healthcare entity on November 6, 2024, but was first discovered months ago. Our legal team is reviewing claims on behalf of former and current TriHealth patients and staff.

Contact our attorneys to learn more about this particular data breach event and to discuss possible legal action. It is important to understand the risks of having your personal data leaked to cybercriminals, and to take certain measures to mitigate the risk of medical identity theft moving forward.

What Happened?

TriHealth, serving the greater Cincinnati, Ohio, area, warned patients on November 6 in a data breach notification that a security incident at a third-party vendor may have compromised patients’ protected health information. The company says it learned about the data theft incident on October 23, 2024, and confirmed that there was no direct unauthorized access to its internal network.

A subsequent investigation allegedly confirmed that the attacker accessed documents belonging to the OB/GYN group, For Women, which is now operating under the Trihealth parent LLC. In a notice posted on their website, the company says impacted files may have contained patient names, addresses, dates of birth, Social Security numbers, claims information, medical conditions, medications, lab results, and treatment information.

TriHealth has begun mailing data breach notification letters to all identified impacted individuals. The breach has not yet been posted on the HHS’ Office for Civil Rights breach portal, and the number of individuals affected is still unclear.

What Should You Do Following the TriHealth Data Breach?

The TriHealth Physician Partners vendor data breach was only recently announced, and more details should emerge in the coming weeks. It is prudent to begin taking steps to protect medical and personal data when possible. Contact our lawyers to learn more about how to protect yourself following a data privacy violation. We believe very strongly that any entity that collects and stores your data has a duty to protect it with reasonably robust IT network security systems. If any company is negligent in protecting your medical data, you may have a claim against them for any damages that result.

TriHealth is an Ohio-based medical group that provides care in internal medicine, family medicine, pediatrics and dozens of other medical specialties, including behavioral health, cancer and blood care, gastroenterology, heart and vascular care, hospital medicine, interventional pain and spine, neuroscience care, surgical care, and women’s health services. The group’s Cincinnati hospitals include Good Samaritan Hospital, Bethesda North Hospital, Bethesda Butler Hospital, McCullough-Hyde Memorial Hospital, and Good Samaritan Hospital at Evendale, and 140 other clinics. The following types of personal information may be compromised:

  • Name
  • Social Security number
  • Address
  • Date of birth
  • Claims information
  • Clinical information (diagnoses, medications, lab results)