Associate Attorney
NEW YORK, NY – [February 6, 2025] – Woods Lonergan PLLC, a leading complex litigation firm including class action lawsuits and data privacy litigation, is actively investigating a potential class action lawsuit against Richmond University Medical Center (RUMC), a teaching hospital in Staten Island, New York, following a significant data breach that has impacted over 674,000 individuals. Richmond University Medical Center, a 440-bed teaching hospital serving Staten Island residents, offers a wide array of medical services, including emergency care, surgery, and specialized treatments in cardiology, gastroenterology, and pediatrics. While the data breach stemmed from a ransomware attack in May 2023, Richmond University Medical Center waited until January 2025 to begin notifying affected individuals**, potentially exposing a wide range of sensitive personal and medical information for an extended period.
This breach potentially compromised an alarming amount of highly sensitive, Personally Identifiable Information (PII) and Protected Health Information (PHI), confidential data, including:
- Protected Health Information (PHI)
- Names, Dates of Birth, and Contact Information
- Social Security Numbers (SSN)
- Financial Information
- Medical Records, including diagnoses and treatment information
- Health Insurance Information
If you believe your personally identifiable information (PII) or protected health information (PHI) has been compromised in the Richmond University Medical Center Data Breach, call our law offices at (212) 684-2500 or Schedule a Confidential Consultation with our Data Breach Lawyers today to file a claim.
Details of the Richmond University Medical Center Data Breach and Alleged Negligence:
Richmond University Medical Center, a major healthcare provider in Staten Island, experienced a ransomware attack in May 2023 that led to the data breach, with the hospital notifying individuals of the breach in January 2025. The cyberattack reportedly caused a “multi-week disruption” of RUMC’s computer systems, forcing hospital staff to resort to manual data entry and requiring nurses to individually monitor patients, according to media reports. According to reports, the initial cyberattack occurred in May 2023, but the notification process was significantly delayed, raising concerns about the hospital’s response time and transparency. The data breach was reportedly linked to the BlackCat ransomware group, known for targeting healthcare organizations. A class action lawsuit has already been filed against RUMC alleging negligence and failure to adequately protect patient data. The lawsuit claims that RUMC failed to implement and maintain reasonable cybersecurity measures to protect patient information, leading to the breach and subsequent exposure of sensitive data.
The lawsuit under investigation alleges negligence on the part of Richmond University Medical Center in safeguarding the sensitive personal and medical information of its patients. Further allegations include RUMC’s potential failure to maintain adequate security measures and provide timely notification to those affected by the breach. This alleged negligence may constitute violations of HIPAA (Health Insurance Portability and Accountability Act) and New York state data security laws.
“‘The delay in notifying patients about a data breach that occurred in May 2023, until January 2025 is concerning, especially given the operational disruptions it caused at the hospital,’ said Jim Woods, Managing Partner of Woods Lonergan PLLC. ‘Reports indicate that the breach involved a ransomware attack, suggesting a significant failure in preventative cybersecurity measures. The exposure of protected health information and financial data for over 674,000 individuals demands a thorough investigation and accountability from Richmond University Medical Center. We are dedicated to advocating for the rights of those affected and ensuring RUMC takes necessary steps to prevent future incidents.'”
Impact on Victims: The data breach places over 674,000 individuals at risk of identity theft, medical identity theft, financial fraud, and significant emotional distress. The exposure of sensitive medical records and financial details can have severe and long-lasting consequences for the victims.
Legal Claims of the Richmond University Medical Center Data Breach:
The investigation is focused on potential violations of:
- HIPAA (Health Insurance Portability and Accountability Act): Protecting patient health information.
- New York State Data Breach Notification Laws: Violations of New York state laws regarding data breach notification and security.
- Negligence: Richmond University Medical Center’s failure to adequately protect sensitive patient data.
If you believe your personally identifiable information (PII) or protected health information (PHI) has been compromised in the Richmond University Medical Center Data Breach, Call our law offices at (212) 684-2500 or Schedule a Confidential Consultation with our Data Breach Lawyers today to file a claim.
Woods Lonergan PLLC is a leading New York-based litigation firm including class action lawsuits and data privacy litigation. For over 30 years, our firm has been a leader in complex litigation and trial law in New York. Our law firm is currently representing plaintiffs in the 23andMe Data Breach Lawsuit, which is nearing final settlement approval for $30 million dollars in the U.S. District Court for the Northern District of California. Woods Lonergan PLLC has a proven track record of successfully holding large corporations accountable for failing to protect highly sensitive consumer data.
[1] Richmond University Medical Center data breach affects 674,000. Healthcare Finance News. https://www.healthcarefinancenews.com/news/richmond-university-medical-center-data-breach-affects-674000. Accessed February 6, 2025.
[2] Ionut Arghire. New York Hospital Says Ransomware Attack, Data Breach Impacts 670,000. SecurityWeek. https://www.securityweek.com/new-york-hospital-says-ransomware-attack-data-breach-impacts-670000/. Published January 28, 2025. Accessed February 6, 2025.
[3] Staten Island hospital notifying 674,000 of May 2023 hack. BankInfo Security. https://www.bankinfosecurity.com/staten-island-hospital-notifying-674000-may-2023-hack-a-27225. Accessed February 6, 2025.
[4] Pierluigi Paganini. Richmond University Medical Center data breach. SecurityAffairs. https://securityaffairs.com/172641/data-breach/richmond-university-medical-center-data-breach.html. Published January 29, 2025. Accessed February 6, 2025.
[5] Class action lawsuit filed against hospital on Staten Island over 2023 data breach. SILive.com. https://www.silive.com/news/2025/01/class-action-lawsuit-filed-against-hospital-on-staten-island-over-2023-data-breach.html. Published January 29, 2025. Accessed February 6, 2025.
[6] Lawsuit accuses Richmond University Medical Center of failing to protect data in breach. South Shore Press. https://southshorepress.com/stories/669256487-lawsuit-accuses-richmond-university-medical-center-of-failing-to-protect-data-in-breach. Published January 31, 2025. Accessed February 6, 2025.