Staten Island University Hospital’s patient data was affected by a cyberattack on Medibase, a healthcare solutions provider working with the hospital. The breach, discovered around January 26, 2024, led to unauthorized access to sensitive information, including full names, Social Security numbers, dates of birth, admission and discharge dates, and insurance details. Although no hospital systems were compromised, the incident exposed private patient data.
Medibase issued a notice on July 5, 2024, detailing the cybersecurity breach and its impact on patients at Staten Island University Hospital. The company confirmed that while its own systems were targeted, no client systems were breached. Medibase has since engaged a security and forensics group to investigate the attack and has notified affected patients.
The company reassured patients that no clinical information or payment-related data was compromised. Medibase emphasized that the breach appeared to target the company itself rather than individual patient data. Patients have been advised to monitor their account statements and credit reports for signs of fraud and identity theft.
In response, Medibase is implementing enhanced security protocols, continuous monitoring, and staff training to prevent future incidents. The company has offered complimentary identity theft protection services to impacted individuals and has notified U.S. federal law enforcement and the Department of Health and Human Services.