Richmond University Medical Center Data Breach Affects 674,033 individuals

Published
December 26, 2024
Updated
January 10, 2025
Richmond University Medical Center Data Breach Affects 674,033 individuals
Richmond University Medical Center
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Richmond University Medical Center (RUMC), affiliated with Mount Sinai Hospital, recently experienced a significant data breach that has affected 674,033 individuals across the United States.

The breach, which was discovered on December 1, 2024, involved unauthorized access to RUMC’s network, resulting in the exposure of sensitive personal and medical information.

The breach occurred when an unauthorized actor accessed and potentially acquired files from RUMC’s network. The investigation revealed that the files were accessed or removed on or around May 6, 2023.

A detailed manual review of the compromised files identified that they contained sensitive information, including:

  • Full names
  • Social Security numbers
  • Medical records
  • Financial account information
  • Driver’s license numbers
  • Credit/debit card numbers

The breach was disclosed to various authorities, including the Maine Attorney General’s office on December 22, 2024, the Massachusetts Attorney General’s office on December 20, 2024, and the U.S. Department of Health and Human Services on December 19, 2024. The Maine Attorney General’s office reported that 32 residents in the state were affected, while the Massachusetts Attorney General’s office confirmed that 167 residents were impacted.

Richmond University Medical Center's response

Upon discovering the breach, Richmond University Medical Center immediately took action to contain and secure the threat. The organization launched a thorough investigation in collaboration with external cybersecurity professionals to assess the scope of the incident and determine the extent of the data exposure.

RUMC confirmed that its electronic health records system was not impacted. However, certain other files containing sensitive personal and health information were accessed or removed. The organization conducted a manual review of the compromised files to identify affected individuals.

To mitigate potential risks, RUMC has offered complimentary credit monitoring services through Experian IdentityWorksSM Credit 3B to all impacted individuals. This service includes identity restoration support, credit monitoring, and up to $1 million in identity theft insurance. Additionally, RUMC has implemented enhanced security measures to safeguard its systems and prevent future incidents.

Steps you should take if you are affected by the data breach

If you have been notified that your information was compromised in this data breach, it is essential to take immediate steps to protect yourself. Here’s what you should do:

  1. Enroll in credit monitoring: Take advantage of the complimentary Experian IdentityWorksSM Credit 3B membership offered by RUMC. This service provides credit monitoring, identity restoration, and fraud detection tools.
  2. Place a fraud alert on your credit file: Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to place a fraud alert on your credit file. This will notify creditors to verify your identity before opening new accounts.
  3. Consider a security freeze: If you are concerned about identity theft, request a security freeze on your credit file. This prevents creditors from accessing your credit report without your authorization.
  4. Review your financial and medical records: Regularly review your bank statements, credit card statements, and medical records for any unauthorized transactions or discrepancies.
  5. Obtain free credit reports: Under federal law, you are entitled to one free credit report annually from each of the three credit bureaus. Visit Annual Credit Report to request your reports and check for any suspicious activity.
  6. Report identity theft: If you suspect that your information has been misused, file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov and contact your local law enforcement agency to file a police report.

By taking these steps, you can reduce the risk of identity theft and financial fraud.

For more details, you can view the disclosure on the Maine Attorney General’s website, the Massachusetts Attorney General’s website, and the U.S. Department of Health and Human Services’ breach portal.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Consumers Notification date
December 19, 2024
Date of Breach
Breach Discovered Date
December 01, 2024
Total People Affected
674033
Information Types Exposed
  • social security numbers
  • Medical Records
  • Financial Account
  • Drivers Licenses
  • Credit/Debit Numbers
  • full name

Join the

Richmond University Medical Center

data breach lawsuit. It's free to join. 

Join the Lawsuit
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image