TriMed Reports Data Breach After Unauthorized Access to Network Files

What happened

TriMed reported a data breach after an unauthorized third party accessed parts of its network where order forms and invoices were stored. TriMed, a Santa Clarita, California-based manufacturer of upper and lower orthopedic implants, said it identified suspicious activity in September 2025 and launched an investigation. The forensic review found the unauthorized access occurred between Sept. 13 and Sept. 21, 2025, during which files were potentially accessed and acquired. TriMed said the exposed records mainly contained information related to orthopedic hardware ordered on a patient’s behalf, including part type, installation components such as screws, and the ordering surgeon’s name. In some cases, the files also contained names, dates of birth, and medical record numbers. The company said the documents did not contain Social Security numbers or financial information. 

Who is affected

The direct exposure affects individuals whose information appeared in the order forms and invoices stored in the affected parts of TriMed’s network. TriMed said some files included names, dates of birth, and medical record numbers. The Maine Attorney General filing cited in the report said two Maine residents were affected, but the total number of affected individuals was not disclosed. 

Why CISOs should care

This incident matters because it shows how operational and fulfillment documents can still contain protected personal and medical information even when they are not designed as primary patient record systems. It also highlights the response burden that follows when organizations must determine exactly which files included personal data, notify affected individuals, and strengthen controls after unauthorized access to shared network storage. 

3 practical actions

1. Review operational document exposure: Identify whether order forms, invoices, and similar workflow documents contain personal or medical information that would expand breach scope if accessed. 
2. Tighten shared-storage monitoring: Strengthen controls and threat detection around the network locations where operational files are stored, since that was the reported access point in this incident. 
3. Match support to the actual data types involved: Align notification and protection services to the exposed data categories, even where Social Security numbers and financial information were not involved. 

For more news about incidents involving exposure of personal information, click Data Breach to read more.