SecurityWeek


New York Hospital Says Ransomware Attack Data Breach Impacts 670,000

Richmond University Medical Center has been investigating a ransomware attack since May 2023 and it recently determined that it affects 670,000 people. 


The Richmond University Medical Center in New York has been investigating a ransomware attack since May 2023 and it recently determined that the incident resulted in a data breach affecting more than 670,000 people. 

The healthcare facility, which serves residents in Staten Island, New York, suffered significant disruptions in May 2023 after being targeted in a ransomware attack. It took the organization several weeks to restore impacted services.

An initial forensic investigation showed that the hospital’s electronic health record systems were not compromised, but it was later determined that other files may have been accessed or exfiltrated from Richmond University Medical Center’s network in early May. 

“Once the investigation determined what files may have been accessed or removed from our network, we located a copy of each file and then undertook a manual review process of those files to determine whether they contained any sensitive personal information or personal health information,” the hospital said in a security incident notice.

On December 1, 2024, investigators determined that at least one of the exposed files contained personal information, including names and one or more of the following types of data: Social Security numbers, driver’s license or state ID numbers, dates of birth, financial account information, payment card information, biometric information, user credentials, medical information, and health insurance policy information. 

Individuals whose SSN may have been compromised are being offered 12 months of free credit monitoring services. 

However, if the information was indeed stolen more than one and a half years ago, cybercriminals and fraudsters have had plenty of time to abuse it. 

SecurityWeek has not seen any known ransomware group taking credit for the Richmond University Medical Center attack. 


While this could indicate that the healthcare organization paid a ransom to avoid a data leak, the investigation apparently determined that sensitive information was compromised long after a ransomware group would have made the stolen information public. 

When the hospital informed state attorneys general about the incident in mid-December 2024, it did not disclose the exact number of impacted individuals, but the organization told the US Department of Health and Human Services in recent days that the data breach impacts 674,033 people.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
