25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Staten Island University Hospital Settles Lawsuit Over Business Associate Data Breach

Posted By on Feb 10, 2026

Staten Island University Hospital (SIUH) in New York has agreed to settle a class action lawsuit over a 2024 data breach involving one of its business associates. The data breach occurred in January 2024 at The Medibase Group Inc., a vendor that provides healthcare solutions, technical assistance, and business office solutions. On or around May 8, 2024, The Medibase Group notified SIUH that an unauthorized third party had gained access to Medibase systems, which contained the protected health information of 35,106 individuals. Data compromised in the incident included names, Social Security numbers, dates of birth, medical information, and health insurance information. Notification letters were mailed to the affected individuals on July 5, 2024.

A class action lawsuit was filed by plaintiffs Belle De Santiago and Elena Girenko over the data breach – Santiago et al. v. Staten Island University Hospital – in the Superior Court of Cherokee County for the State of Georgia. The lawsuit alleged the data breach was the result of the defendant’s failure to implement reasonable and appropriate security measures to protect sensitive patient data.

The lawsuit asserted claims of negligence/negligence per se, breach of implied contract, and unjust enrichment. SIUH denies all claims of wrongdoing, fault, and liability; however, it agreed to a settlement to avoid the litigation costs and expenses, distractions, burden, expense, and disruption to its business operations associated with further litigation. Class counsel and the lead plaintiffs believe the negotiated settlement is reasonable and fair.

Class members may submit a claim for two years of medical data monitoring services, which include a $1 million identity theft insurance policy. In addition, a claim may be submitted for cash payments. A claim can be submitted for compensation for documented, unreimbursed out-of-pocket losses due to the data breach up to a maximum of $1,000 per class member. A claim may also be submitted for a $35.00 flat cash payment. The deadline for exclusion and opting out is March 2, 2026. The deadline for submitting a claim is March 16, 2026, and the final fairness hearing has been scheduled for March 31, 2026.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist