Richmond University Medical Center (RUMC), a critical healthcare provider serving Staten Island, New York, has disclosed a data breach compromising sensitive personal and health information. The breach highlights the growing vulnerabilities in healthcare networks and the significant impact on individuals who entrust their data to medical institutions.
RUMC is a major healthcare hub for Staten Island, serving over 500,000 residents annually. With a focus on acute and specialized care, the institution operates critical emergency services, specialized surgical programs, and community health initiatives.
RUMC revealed unauthorized access to its network on May 6, 2023, allowing external actors to access or acquire sensitive files. While initial investigations suggested the electronic health records system remained secure, subsequent analyses uncovered that other files, potentially containing personal and health information, were compromised. After an extensive manual review process completed on December 1, 2024, RUMC identified the following information as impacted:
- Full names
- Social Security numbers
- Addresses
- Dates of birth
- Health insurance information
- Medical history or treatment details
The above information places impacted individuals at elevated risk for phishing and social engineering attacks, so heightened vigilance is advised. Unfortunately, impacted patients are receiving notices of the data breach only now, over 20 months after the incident was discovered.
RUMC reportedly acted swiftly to secure its network, enlisting cybersecurity experts to assist in containment and forensic analysis. The organization also provides complimentary credit monitoring services via Experian IdentityWorks for affected individuals.
The Richmond University Medical Center letter advises individuals to take advantage of the identity theft protection service, notify credit bureaus to flag potential unauthorized activities, and monitor accounts and medical records for discrepancies or unauthorized transactions. Additionally, notification recipients are urged to consider locking credit reports to prevent fraudulent account creation.
RUMC has reaffirmed its commitment to data privacy and ongoing efforts to enhance security systems. Affected individuals are encouraged to contact the dedicated response team at RUMC for additional guidance and resources.
The healthcare organization has not yet disclosed how many people are impacted by this incident. Also, the perpetrators remain unknown, and no ransomware groups have assumed responsibility for the attack at RUMC yet.
North Korean Hackers ‘Lazarus’ Target Nuclear Orgs with New Malware
Leave a Reply