.png)
Medstar Health Data Breach Lawsuit Investigation
Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Medstar Health data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Medstar Health
MedStar Health is a not-for-profit regional healthcare system based in Columbia, Maryland. It is recognized as the largest healthcare provider in Maryland and the Washington, D.C., region, operating ten hospitals and over 300 care locations, including urgent care clinics, ambulatory centers and physician offices.
MedStar Medical Group, one of the largest medical groups in the U.S., practices patient-centered care at more than 280 locations.
The organization employs more than 35,000 people, including over 9,200 nurses and about 4,000 physicians. MedStar Health is also a major center for medical education, training over 1,150 medical residents annually as the clinical partner of Georgetown University. In fiscal year 2024, MedStar Health reported $8.3 billion in net operating revenue and provided care through more than six million outpatient visits.
What Happened?
On Oct. 4, 2025, MedStar Health discovered a cybersecurity incident where an outside party gained unauthorized access to its systems containing patient information. The breach has also been linked to the RHYSIDA ransomware group, which claimed responsibility and threatened to publish the stolen data on the dark web.
The breach took place between Sept. 12, 2025, and Sept. 16, 2025. MedStar Health immediately secured its systems, launched an investigation with third-party forensic experts and notified law enforcement. By Nov. 12, 2025, MedStar Health determined that files accessed by the unauthorized party contained sensitive patient information.
Information Exposed
- Names
- Dates of birth
- Social Security numbers
- Diagnoses
- Medications
- Test results
- Images
- Health insurance information
- Treatment information
The organization began mailing notification letters to affected patients on Dec. 3, 2025.
Your Rights and Next Steps
If you received a data breach notification from Medstar Health, or your provider, you have important rights and options. You may be entitled to seek compensation for any harm or inconvenience caused by this cybersecurity incident.
- Identity theft protection services: Sign up for the free identity theft protection services, if offered.
- Monitor your accounts carefully: Check your financial statements regularly for suspicious activity or unauthorized transactions. If you notice anything unusual, contact your financial institution immediately.
- Fraud alert and credit reports: A fraud alert informs creditors to take extra steps to verify your identity before opening new accounts in your name. Consumers are also entitled to one free credit report annually from each credit bureau. You can request a fraud alert or a credit report by contacting any one of the three major credit bureaus.
- Seek legal help: Lawyers are ready to help you understand your rights and pursue compensation.
You May Be Entitled to Compensation
If your information was compromised in the MedStar Health data breach, you may be eligible for compensation, which could include reimbursement for out-of-pocket expenses, time spent addressing the breach, or payment for emotional distress.
Lawyers are ready to help you take the next steps. To find out if you qualify and to join a lawsuit, complete the form below.
.svg)