Richmond University Medical Center says 2023 cyber attack impacted over 670,000 patients

Staten Island, New York-based healthcare provider Richmond University Medical Center said that the data security incident it suffered in 2023 compromised the sensitive personal information of more than 670,000 individuals.

In a data security incident notification, Richmond University Medical Center said that on May 6, 2023, it identified unauthorised access to its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

“Although the initial forensic investigation determined our electronic health records system was not affected by the incident, the investigation subsequently determined that certain other files may have been accessed or removed from our network on or around May 6, 2023,” reads the notice.

The compromised data included names, social security numbers, dates of birth, driver’s license numbers or state identification numbers, other government identification numbers, financial account information, credit or debit card information, biometric information, user credentials, medical treatment/diagnosis information, and health insurance policy information.

In a filing with the U.S. Department of Health and Human Services, the medical centre said that it identified at least 674,033 individuals who were impacted by the data security incident.

While the healthcare provider found no evidence of the compromised information being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

It has also offered one year of complimentary identity protection and credit monitoring services through IdentityWorks Credit 3B to individuals whose social security number was compromised during the incident.