Richmond University Medical Center (RUMC), affiliated with Mount Sinai Hospital, recently experienced a significant data breach that has affected 674,033 individuals across the United States.
The breach, which was discovered on December 1, 2024, involved unauthorized access to RUMC’s network, resulting in the exposure of sensitive personal and medical information.
The breach occurred when an unauthorized actor accessed and potentially acquired files from RUMC’s network. The investigation revealed that the files were accessed or removed on or around May 6, 2023.
A detailed manual review of the compromised files identified that they contained sensitive information, including:
The breach was disclosed to various authorities, including the Maine Attorney General’s office on December 22, 2024, the Massachusetts Attorney General’s office on December 20, 2024, and the U.S. Department of Health and Human Services on December 19, 2024. The Maine Attorney General’s office reported that 32 residents in the state were affected, while the Massachusetts Attorney General’s office confirmed that 167 residents were impacted.
Upon discovering the breach, Richmond University Medical Center immediately took action to contain and secure the threat. The organization launched a thorough investigation in collaboration with external cybersecurity professionals to assess the scope of the incident and determine the extent of the data exposure.
RUMC confirmed that its electronic health records system was not impacted. However, certain other files containing sensitive personal and health information were accessed or removed. The organization conducted a manual review of the compromised files to identify affected individuals.
To mitigate potential risks, RUMC has offered complimentary credit monitoring services through Experian IdentityWorksSM Credit 3B to all impacted individuals. This service includes identity restoration support, credit monitoring, and up to $1 million in identity theft insurance. Additionally, RUMC has implemented enhanced security measures to safeguard its systems and prevent future incidents.
If you have been notified that your information was compromised in this data breach, it is essential to take immediate steps to protect yourself. Here’s what you should do:
By taking these steps, you can reduce the risk of identity theft and financial fraud.
For more details, you can view the disclosure on the Maine Attorney General’s website, the Massachusetts Attorney General’s website, and the U.S. Department of Health and Human Services’ breach portal.