.png)
Ellis Medicine Data Breach Investigation
Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Ellis Medicine data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Ellis Medicine
Ellis Medicine is a not-for-profit community and teaching healthcare system based in Schenectady, New York. Founded in 1885, Ellis Medicine serves the Capital Region of New York through four main campuses: Ellis Hospital, Ellis Health Center, Bellevue Woman’s Center and the Medical Center of Clifton Park. The organization also operates several additional service locations.
The system has approximately 438 beds, employs more than 3,300 people and works with over 700 medical staff members. Ellis Medicine provides a wide range of inpatient and outpatient services, including cardiac, cancer, emergency, neuroscience and women’s health services.
It is the sole provider of acute hospital care in Schenectady County and reports annual revenue of $383 million.
What Happened?
On May 14, 2025, Ellis Medicine discovered a data breach involving unauthorized access to an employee email account. The breach occurred during two separate periods: Jan. 17, 2025, through Jan. 24, 2025, and March 27, 2025, through April 5, 2025. After identifying suspicious activity, Ellis Medicine reset passwords, reset multi-factor authentication and worked with third-party specialists to investigate.
In total, 13,383 people in the United States were affected by this breach, including eight individuals in Maine. Ellis Medicine notified affected individuals by written letter on July 17, 2025.
Your Rights and Next Steps
If you received a notification from Ellis Medicine about this breach, it is important to understand your rights and available options. Even though the exposed information may seem limited, any unauthorized access to personal information can increase the risk of identity theft or fraud.
Ellis Medicine is offering twelve months of complimentary single-bureau credit monitoring, credit reports and credit score services through Cyberscout, a TransUnion company. Affected individuals should review their credit reports and account statements for any suspicious activity. Under U.S. law, everyone is entitled to one free credit report annually from each of the three major credit bureaus: TransUnion, Experian and Equifax.
You have the right to place a fraud alert or a credit freeze on your credit file at no cost. A fraud alert requires businesses to verify your identity before extending new credit, while a credit freeze restricts access to your credit report entirely. Both options can help protect against potential misuse of your information.
If you notice any unusual activity or believe you are a victim of identity theft, contact your financial institution and consider filing a report with law enforcement or the Federal Trade Commission.
You May Be Entitled to Compensation
Lawyers are ready to help individuals affected by the Ellis Medicine data breach. If your information was exposed, you may be eligible for compensation as part of a class action lawsuit. By taking action, you can help hold organizations accountable for protecting sensitive information.
To find out if you qualify and to join the lawsuit investigation, complete the below form.
.svg)