Trinity Health Data Breach Exposes Government IDs and Health Information

Trinity Health, one of the largest not-for-profit Catholic health care systems in the United States, reported a data breach involving the unauthorized disclosure of patient health information through an electronic Health Information Exchange (HIE).

The breach was reported to the Massachusetts Attorney General and the Vermont Attorney General, as well as the U.S. Department of Health and Human Services. The breach affected 5,905, previously 2,740, individuals, including 51 residents of Massachusetts.

On Jan. 13, 2026, Trinity Health was notified by its HIE partner of a potential unauthorized disclosure of patient health information. An HIE member called Health Gorilla, which manages data exchange requests for certain other companies, had stated that patient health information was needed for treatment purposes.

However, the HIE was unable to confirm Health Gorilla's statements or whether the companies that received the information had proper authorizations for the data they obtained through the exchange.

The types of information that may have been disclosed vary based on the content of the information exchanged but may have included clinical care details, demographic information, insurance information and potentially driver license numbers.

Additional categories of exposed information listed in regulatory filings include medical records, email addresses, location of service, medical record numbers, member numbers, patient ID numbers, patient names, procedure names, provider names and specialties, and transaction information.

Trinity Health's response

Trinity Health is offering complimentary credit monitoring and identity protection services to affected individuals at no charge. The services are being provided by Cyberscout, a TransUnion company.

Trinity Health has set up a dedicated assistance line for people with questions about the incident. Affected individuals can call 1-833-877-5364, Monday through Friday, between 7 a.m. and 7 p.m. CT, excluding holidays.

People may also write to Trinity Health at 20555 Victor Parkway, Livonia, MI 48152 or email privacyofficer@trinity-health.org.