TriMed Data Breach Exposes Sensitive Personal and Medical Info

TriMed Inc., a California-based medical device company that designs and develops orthopedic implants, disclosed a data breach that may have exposed personal and medical information of certain individuals. The company, headquartered in Santa Clarita, California, discovered the breach on Jan. 23, 2026.

The breach was reported to the Maine Attorney General on March 27, 2026, with two Maine residents identified as affected.

TriMed began notifying affected consumers on March 27, 2026, through written notice. The company also posted a notice on its website with details about the incident and steps individuals can take.

What happened in the TriMed data breach

On Oct. 2, 2025, a ransomware group known as LYNX claimed responsibility for the attack in a posting on the Tor dark web network, stating it had obtained data from the organization.

TriMed detected suspicious activity on certain systems and launched an investigation, which confirmed that the company was the victim of a cybersecurity incident. TriMed also engaged external cybersecurity specialists to help determine the scope and impact of the breach.

The company determined that certain files were potentially accessed or acquired without authorization between Sept. 13, 2025, and Sept. 21, 2025. TriMed then conducted a comprehensive programmatic and manual review of those files.

On Jan. 23, 2026, the company learned that some personal information may have been involved in the incident.

The types of information exposed included names, dates of birth, medical record numbers and information related to implant parts ordered on individuals' behalf (for example, the type of part, associated installation components such as screws, or the ordering surgeon's name).

Importantly, the company stated that the breach did not involve Social Security numbers, personal bank account data or personal credit card data.

TriMed's response to the breach

As a precaution, TriMed is offering affected individuals a complimentary 24-month membership to Experian IdentityWorks. The membership includes credit monitoring, identity restoration support and $1 million in identity theft insurance. Affected individuals must enroll by July 31, 2026, using the activation code provided in their notification letter.

The company has set up a dedicated call center for questions about the incident. Individuals can call 844-558-4660, Monday through Friday, 9 a.m. to 9 p.m. Eastern Time, excluding major U.S. holidays. This call center will be available for approximately 90 days from the date of the letter.

Steps to take if information was exposed in the TriMed breach

• Review medical records and insurance statements for any unfamiliar activity, including Explanation of Benefits statements that may reference medical services or devices not actually received.
• Request free credit reports at AnnualCreditReport.com and look for any accounts or inquiries that seem unfamiliar.
• Consider placing a fraud alert or credit freeze with the three major credit bureaus (Equifax at 1-800-525-6285, Experian at 1-888-397-3742 and TransUnion at 1-800-916-8800) to help prevent unauthorized accounts from being opened.
• Be cautious of phishing attempts that reference TriMed Inc. or this data breach by name, as scammers sometimes use real breach notifications to trick people into sharing additional personal information.
• Report suspected identity theft or fraud to the Federal Trade Commission at identitytheft.gov or by calling 1-877-438-4338, or contact a state attorney general's office for additional guidance.