A class action lawsuit has been filed against Brunswick Hospital Center Foundation, Inc., alleging failure to protect sensitive patient information during a data breach that occurred between July and August 2024.
The lawsuit was filed by plaintiff Christa Kellermann on behalf of herself and others whose personally identifiable information (PII) and protected health information (PHI) were allegedly compromised. According to the complaint, Brunswick Hospital Center Foundation, a mental health treatment facility in Amityville, New York, detected unusual activity in its systems on September 3, 2024. An internal investigation revealed that unauthorized individuals had accessed patient data during the summer of that year. The compromised information included names, birth dates, medical records, Medicare and Medicaid identification numbers, treatment details, billing information, and insurance data.
The complaint alleges that Brunswick failed to implement adequate security measures and delayed notifying patients about the breach for approximately eight months. As a result, the plaintiffs claim they are now at increased risk of identity theft and fraud. The lawsuit asserts claims of negligence, negligence per se under HIPAA guidelines and Federal Trade Commission regulations, and breach of fiduciary duty related to the handling of patient data without adequate protection or timely notification.
Kellermann is seeking monetary damages and injunctive relief, including compensation for loss of privacy and emotional distress arising from the exposure of sensitive, non-changeable personal information. The complaint states that the leak of such data increases the risk of long-term harm due to its potential misuse by third parties.
The plaintiff is represented by attorney Daniel J. Solinsky of Lynch Carpenter LLP. The case was filed in the United States District Court for the Eastern District of New York under Case ID 2:25-cv-02709 and is presided over by Judge Pamela K. Chen.