A class action lawsuit has been filed against Richmond University Medical Center, raising concerns over data security and patient privacy. On January 3, 2025, Cory Scripps filed a complaint in the United States District Court for the Eastern District of New York, accusing the medical center of failing to protect sensitive personal and health information from a significant data breach.
The lawsuit, brought by Scripps on behalf of himself and others similarly affected, alleges that Richmond University Medical Center failed to secure personally identifiable information (PII) and protected health information (PHI).
The breach, publicly disclosed by RUMC on December 19, 2024, was first identified on May 6, 2023. The compromised data includes names, medical diagnoses, treatment details, and dates of birth. Scripps claims that the medical center did not implement adequate security measures despite being aware of potential cyberattack risks.
"Defendant failed to take precautions designed to keep its patients’ private information secure," the complaint states.
Richmond University Medical Center is accused of negligence, unjust enrichment, breach of implied contract, and breach of confidence. The lawsuit notes that RUMC had numerous statutory and regulatory obligations to protect patient information but allegedly failed to meet those duties.
Scripps claims that as a result, he has experienced an increase in spam communications and is now at heightened risk of identity theft. He also argues that RUMC delayed notifying affected individuals for 19 months after discovering the breach.
Scripps seeks damages exceeding $5 million on behalf of approximately 674,033 class members impacted by the breach. The relief sought includes compensation for financial losses related to the misuse of private information and preventative costs for identity theft protection services. Additionally, Scripps demands changes in RUMC’s data security practices to prevent future breaches.
Representing Scripps are attorneys Courtney E. Maccarone and Mark Svensson from Levi & Korsinsky LLP. The case is identified as 1:25-cv-00068.