Skip to main content
patient medical records

TriMed Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

A ransomware attack on TriMed Inc., a surgical solutions company and subsidiary of healthcare giant Henry Schein, has raised serious concerns about the safety of personal and professional data held by medical device companies. The attack, carried out by a Russia-linked cybercriminal group known as Lynx, resulted in the exfiltration of a wide range of sensitive files. For individuals in California whose data may have been swept up in this breach, understanding your rights under state law is critical.

If you believe your information was compromised, contact the data breach lawyers at The Lyon Firm today for a free and confidential consultation.

What Happened in the TriMed Ransomware Attack?

In early October 2025, the Lynx ransomware group claimed responsibility for an attack on TriMed Inc. and listed the company on its dark web leak site. TriMed confirmed it had suffered a cybersecurity incident and took systems offline in an effort to contain the damage.

Cybersecurity researchers who analyzed the breach found that the attackers had exfiltrated a significant volume of sensitive material, including:

  • Executive communications and internal email exchanges containing financial details such as bank account numbers and IBAN codes
  • Personal documents belonging to individuals associated with the company
  • Legal documents and proprietary intellectual property, including design files related to surgical products
  • Sensitive data categories such as names, home addresses, phone numbers, email addresses, and Social Security numbers

Security analysts noted that the range and depth of the stolen material suggested the attackers may have had extended access to TriMed’s internal systems before the breach was detected. This type of prolonged unauthorized access can significantly expand the number of affected individuals and the severity of the harm caused.

Who Is the Lynx Ransomware Group?

Lynx is a ransomware-as-a-service (RaaS) operation with ties to Russia that first appeared on the threat landscape in mid-2024. Since then, the group has listed nearly 200 victims on its dark web site. Lynx is known to target organizations across multiple industries, including finance, architecture, manufacturing, energy, and retail.

The group’s typical method involves infiltrating a target’s systems, extracting data, and then threatening to publicly release that data if a ransom is not paid. When companies refuse or fail to negotiate, the stolen information is often dropped onto the dark web where it can be accessed and exploited by other bad actors. This creates an ongoing and often irreversible exposure risk for the individuals whose data was taken.

What California Law Says About Data Breaches

California has some of the strongest data breach notification laws in the country. Under California law, businesses that experience a breach involving the personal information of California residents are required to notify those individuals in a timely manner.

Companies must now notify affected California residents within 30 calendar days of discovering a breach, and must alert the California Attorney General within 15 days of sending those individual notices. This new standard replaces the previous, more flexible “without unreasonable delay” language and creates a concrete legal obligation for businesses handling Californians’ data.

What Types of Data Put Victims Most at Risk?

Not all breached data carries the same level of risk. In the TriMed attack, some of the categories of information confirmed or suspected to have been exfiltrated carry particularly serious consequences:

  • Social Security numbers can be used to open fraudulent accounts, file fake tax returns, and commit identity theft that can take years to resolve
  • Bank account numbers and financial identifiers expose individuals to direct financial fraud and unauthorized transactions
  • Home addresses combined with names enable targeted scams and even physical security risks
  • Email addresses become tools for highly personalized phishing attacks, which are more convincing because they use real data to appear legitimate

Cybersecurity researchers noted that the financial data visible in leaked email exchanges, including IBAN numbers and details of large monetary transfers, would be extremely valuable to criminal actors planning targeted fraud campaigns against executives and others connected to TriMed.

Steps to Take if Your Information Was Exposed

If you received a breach notification from TriMed, or have reason to believe your data may have been compromised, take these steps as soon as possible:

  • Place a fraud alert or credit freeze with all three major credit bureaus (Equifax, Experian, and TransUnion)
  • Monitor your bank and financial accounts regularly for any unauthorized transactions
  • Be cautious of emails, texts, or phone calls that reference your personal information, as these may be phishing attempts that exploit the breach
  • Keep records of any suspicious activity, costs associated with identity protection, and time spent dealing with breach-related issues
  • Consult with a data breach attorney to understand your legal rights before any applicable deadlines pass

Why Hire The Lyon Firm for a Data Breach Case?

The Lyon Firm has built a national reputation representing individuals harmed by corporate negligence, including victims of data breaches involving healthcare and medical device companies. Attorney Joe Lyon has been recognized by Super Lawyers and the National Trial Lawyers Top 100, and has represented clients in over 40 multi-district litigations in both federal and state courts.

When a company like TriMed, which is part of a large corporate structure with significant resources, fails to protect the personal information entrusted to it, victims deserve an advocate with the experience and resources to take on that fight. The Lyon Firm offers free, confidential case evaluations and handles data breach cases on a contingency fee basis, meaning you pay no legal fees unless we recover compensation on your behalf.

Data breach litigation can be complex, and legal deadlines apply. California law limits the time you have to file a claim. If your information was exposed in the TriMed breach, do not wait.

CONTACT THE LYON FIRM TODAY

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.