TriCity Family Services Breach Exposes PII and PHI of 2,511 Clients

The TriCity Family Services data breach has impacted 2,511 individuals, exposing personally identifiable information (PII) and protected health information (PHI). The incident was the result of a ransomware attack attributed to the INC RANSOM group, who claimed to have stolen 22 GB of data from the organization.

According to TriCity Family Services, the breach occurred between Nov. 11, 2024, and May 14, 2025.

The unauthorized actor gained access to the organization’s network and downloaded copies of files containing client information. The breach was discovered in spring 2025, prompting TriCity Family Services to secure their systems and initiate an investigation with the help of a third-party cybersecurity forensics firm.

The types of information exposed in this breach may vary by individuals, but overall include names, dates of birth, presenting problem, requested treatment, treatment location and provider name. TriCity Family Services confirmed that their electronic medical records were not affected, and the compromised data was limited to information collected at intake.

The breach was reported to the U.S. Department of Health and Human Services on Dec. 8, 2025. A formal notice to consumers has also been posted to TriCity's website.

TriCity Family Services' response

As part of their ongoing commitment to privacy, TriCity Family Services is reviewing and updating their policies, procedures and processes related to the storage and access of sensitive information.

For those affected, TriCity Family Services' website notice details instructions on how to request credit reports, place fraud alerts or credit freezes, and contact the three major credit bureaus.

TriCity Family Services has also set up a dedicated call center at 888-360-9994, available Monday through Friday, 9 a.m. to 9 p.m. Eastern, excluding major U.S. holidays.

Impacted individuals are encouraged to remain vigilant by reviewing account statements, monitoring free credit reports and explanation of benefits for suspicious activity or errors. Monitoring for identity theft and fraud is strongly recommended, especially since the information exposed could be used in targeted scams or for other malicious purposes.