A class-action lawsuit has been filed against Richmond University Medical Center over a data breach that exposed the personal information of more than 674,000 individuals. Edward Quinn and Monique Leslie, the plaintiffs, filed the complaint in the U.S. District Court for the Eastern District of New York on January 21, 2025.
They accuse the medical center of failing to protect sensitive patient data, resulting in unauthorized access by cybercriminals.
The lawsuit details how a targeted cyberattack on May 6, 2023, compromised the medical center's computer systems, leading to the theft of personally identifiable information (PII) and personal health information (PHI), including medical records, Social Security numbers, and financial details.
Despite discovering the breach promptly, Richmond University Medical Center allegedly delayed notifying affected individuals until December 2024.
The plaintiffs argue this delay worsened potential harm by preventing timely protective measures against identity theft.
Quinn and Leslie claim that the medical center breached its duty to safeguard patient data, as required by industry standards and legal obligations under laws like HIPAA and Section 5 of the Federal Trade Commission Act.
They assert that the center failed to implement adequate cybersecurity protocols, despite being aware of the growing threats targeting healthcare providers. As a result, the plaintiffs and class members now face heightened risks of identity theft and fraud.
The plaintiffs seek several forms of relief from the court, including declaratory and injunctive relief to ensure that Richmond University Medical Center strengthens its data security measures.
They also request monetary compensation for damages incurred from the breach, including costs for credit monitoring services needed due to the increased risk of identity theft.
Representing Quinn and Leslie are attorneys from law firms specializing in consumer protection. The case has been assigned Case ID 1:25-cv-00357.