The Indiana Attorney General this week confirmed TriMed notified 81,203 people about a September 2025 data breach that compromised the following personal info:
- Names
- Medical record numbers
- Dates of birth
- Info related to implant parts ordered
A cybercriminal group called Lynx took credit for the breach on October 2, 2025. To prove its claim, Lynx posted sample images on its website of what it says are documents stolen from TriMed.
TriMed has not acknowledged Lynx’s claim and Comparitech cannot independently verify it. We do not know how attackers breached TriMed, if TriMed paid a ransom, or how much Lynx demanded. Comparitech contacted TriMed for comment and will update this article if it replies.
“A recent incident affected certain files, such as order forms and invoices, that may have contained information related to this hardware and the individuals who received it. In limited instances, these documents may have included personal information,” TriMed said in a March 27 update.
“TriMed determined that certain files were potentially accessed or acquired without authorization between September 13, 2025, and September 21, 2025.”
Who is Lynx?
Lynx is a spin-off of Inc, another prominent ransomware group. Started in July 2024, Lynx operates a ransomware-as-a-service scheme in which affiliates pay Lynx to use its malware and infrastructure to launch attacks and collect ransoms. Lynx’s malware both steals data and encrypts target systems.
Lynx has claimed responsibility for 377 ransomware attacks in total, 55 of which were confirmed by the targeted organizations. The attack on TriMed is Lynx’s second confirmed attack on a healthcare manufacturer. In October 2024, the group took credit for a data breach at Tiger Aesthetics Medical.
Lynx has also claimed responsibility for two confirmed breaches at healthcare providers:
- Community Based Support in Australia reported an October 2025 data breach
- Lakelands Public Health in Canada reported a January 2026 data breach
In 2026 to date, Lynx has claimed 44 ransomware attacks, three of which were confirmed by targets.
Ransomware attacks on US healthcare businesses
Comparitech researchers logged 31 confirmed ransomware attacks in 2025 against US healthcare businesses that don’t provide direct care. The category includes pharmaceutical companies, medical device manufacturers, medical software developers, and medical billing companies, but not hospitals, clinics, or other care providers.
Those 31 attacks compromised more than 7.2 million records. Some of of the largest such breaches include:
- Catalyst RCM and Viktor Scientific notified 140,000 people of a November 2025 data breach claimed by Everest
- Resource Corporation of America reported a December 2025 data breach for which Medusa demanded $800,000 in ransom
- Humana notified at least 1,000 people of an August 2025 data breach claimed by Clop
Ransomware attacks on manufacturers can lock down computer systems and steal data. Successful infections can disrupt billing, communications, orders, shipments, and in some cases manufacturing equipment and processes. The attackers demand a ransom to restore infected systems and delete stolen data. Businesses that refuse to pay up face extended downtime, permanent data loss, unauthorized data disclosure, and putting data subjects at increased risk of fraud.
About TriMed
Based in Valencia, CA, TriMed makes orthopaedic implants. In April 2024, the company was acquired by Henry Schein.
