The Staten Island University Hospital data breach settlement offers affected individuals up to $1,000 in reimbursement for out-of-pocket losses, a flat $35 cash payment, or two years of medical data monitoring with a $1 million identity theft insurance policy. If you received a notification letter and believe your personal information was compromised through the January 2024 breach of The Medibase Group Inc., you have until March 16, 2026 to submit your claim at medibasesiuhdatabreachsettlement.com. That deadline is just days away, so acting quickly matters.
The breach affected 35,106 individuals whose protected health information was exposed, including names, Social Security numbers, dates of birth, medical information, and health insurance details. The case, *Belle De Santiago and Elena Girenko v. Staten Island University Hospital*, was filed in the Superior Court of Cherokee County, Georgia, and while SIUH denies all wrongdoing, the hospital agreed to settle rather than continue fighting the lawsuit. This article walks through the full details of the settlement, your compensation options, who qualifies, how to file, and what to watch out for before the deadline passes.
Table of Contents
- What Happened in the Staten Island University Hospital Data Breach and Why Does It Matter for Your Claim?
- What Compensation Can You Claim and What Are the Limitations?
- Who Qualifies as a Class Member in This Settlement?
- How to File Your Claim Before the March 16 Deadline
- Common Pitfalls That Could Get Your Claim Denied
- What Happens After You Submit Your Claim
- Broader Implications of Vendor-Related Healthcare Data Breaches
- Frequently Asked Questions
What Happened in the Staten Island University Hospital Data Breach and Why Does It Matter for Your Claim?
In January 2024, an unauthorized third party accessed systems belonging to The Medibase Group Inc., a business associate of staten Island University Hospital that provides healthcare solutions, technical assistance, and business office solutions. Medibase did not notify SIUH of the breach until on or around May 8, 2024, meaning months passed before the hospital even knew its patients’ data had been compromised. Notification letters were then mailed to affected individuals on July 5, 2024, roughly six months after the initial intrusion.
This timeline matters because the gap between a breach and notification is often where the most damage occurs. If someone stole your Social Security number in January and you did not learn about it until July, that is a six-month window in which fraudulent accounts could have been opened, medical identity theft could have occurred, or your insurance information could have been used by someone else. Compare that to breaches where companies notify within 30 days — the extended exposure period here is part of why the lawsuit was filed in the first place. For your claim, understanding when the breach happened versus when you were notified can help you identify suspicious activity on your accounts during that gap period, which strengthens any request for out-of-pocket reimbursement.
What Compensation Can You Claim and What Are the Limitations?
The settlement provides three compensation options for eligible class members. First, you can claim up to $1,000 for documented, unreimbursed out-of-pocket expenses caused by the data breach. Second, you can opt for a flat $35 cash payment if you prefer not to document specific losses. Third, you can enroll in two years of medical data monitoring services that come bundled with a $1 million identity theft insurance policy. However, the $1,000 reimbursement option requires documentation.
You will need receipts, bank statements, or other records showing you spent money dealing with the aftermath of the breach — things like credit monitoring services you paid for out of pocket, fees for placing or lifting credit freezes, costs associated with identity theft recovery, or time spent dealing with fraud at a reasonable hourly rate. If you cannot document your losses, you are limited to the $35 flat payment. It is also worth noting that the $1,000 figure is a cap, not a guaranteed amount. If the total valid claims exceed the settlement fund, individual payments may be reduced proportionally. The $35 flat payment, while modest, requires no proof of harm beyond being a class member, making it the simpler route for people who did not experience direct financial fallout.
Who Qualifies as a Class Member in This Settlement?
You are a class member if your protected health information was compromised in the Medibase data breach and you received a notification letter from Staten Island University Hospital around July 2024. The settlement covers the 35,106 individuals whose data was exposed, and the notification letter you received should contain identifying information — typically a unique claim number or PIN — that you will need when filing. For example, if you were a patient at Staten Island University Hospital and Medibase handled any aspect of your billing, technical records, or business office functions, your data may have been in their systems.
Not every SIUH patient is automatically a class member, though. The breach was specific to records that Medibase had access to through its role as a business associate. If you are unsure whether you qualify, the official settlement website at medibasesiuhdatabreachsettlement.com has tools to verify your eligibility. If you never received a letter but suspect your data was compromised, you can also check through the site, though class membership is generally tied to the notification list.
How to File Your Claim Before the March 16 Deadline
Filing a claim is done through the official settlement website at medibasesiuhdatabreachsettlement.com. You will need your unique claim ID or notification letter, along with supporting documentation if you are pursuing the out-of-pocket reimbursement option. For the $35 flat payment, the process is simpler and generally requires just your identifying information and a valid mailing address or payment method. The tradeoff between the three options is straightforward but worth thinking through.
The $35 flat payment gets you guaranteed money with minimal effort. The $1,000 reimbursement option has a higher ceiling but demands proof and comes with the risk of pro-rata reduction if claims are heavy. The medical monitoring option has no direct cash value up front but provides ongoing protection, which may be more valuable if your Social Security number was exposed and you are worried about long-term identity theft rather than recovering past costs. You cannot select all three — the cash options and the monitoring option are typically presented as alternatives, so read the claim form carefully before submitting. If you have already been paying for identity monitoring since learning about the breach, you might claim those costs under the $1,000 option and still benefit more than the flat $35.
Common Pitfalls That Could Get Your Claim Denied
The most common reason claims get denied in data breach settlements is insufficient documentation. If you choose the out-of-pocket reimbursement path, vague descriptions of what you spent money on will not hold up. You need specific receipts, statements, or invoices showing expenses directly tied to the breach. A charge for a credit monitoring subscription you signed up for in February 2024, after hearing about the breach, is relevant. A charge for general financial software you already had is not. Another pitfall is missing the deadline entirely.
The claim submission deadline is March 16, 2026, and the exclusion or opt-out deadline already passed on March 2, 2026. If you wanted to opt out and pursue your own lawsuit, that window is closed. At this point, your options are to file a claim or do nothing. Doing nothing means you remain part of the class, are bound by the settlement terms, and give up any individual right to sue — but you receive no compensation. There is no benefit to sitting this out if you are eligible. Also be aware that submitting a claim with false information is fraud and can result in both denial and legal consequences, so only claim losses you actually incurred.
What Happens After You Submit Your Claim
Once you file, the settlement goes through a final fairness hearing scheduled for March 31, 2026. At that hearing, the court reviews whether the settlement terms are fair, reasonable, and adequate for the class members. If the judge approves the settlement, claim processing begins and payments are distributed after any appeals are resolved.
This process can take several months, so do not expect an immediate check in the mail. For context, in similar healthcare data breach settlements, payment distribution has typically occurred anywhere from three to nine months after final approval, depending on the volume of claims and whether any objections or appeals are filed. If the settlement is not approved or is modified, claimants are usually notified and given new options.
Broader Implications of Vendor-Related Healthcare Data Breaches
The Staten Island University Hospital case highlights a growing problem in healthcare: breaches that originate not with the hospital itself but with third-party vendors. Medibase, as a business associate, had access to sensitive patient records as part of its service agreement with SIUH. When Medibase’s systems were compromised, SIUH patients paid the price despite the hospital’s own systems remaining intact.
This vendor-liability chain is becoming one of the most common breach vectors in healthcare. Going forward, patients may want to ask healthcare providers who has access to their data and what security measures those vendors follow. Regulatory pressure under HIPAA is increasing on business associate agreements, but enforcement still lags behind the pace of breaches. For affected individuals in this case, the immediate priority is filing before March 16 and choosing the compensation option that best fits their situation.
Frequently Asked Questions
How do I know if I am part of the Staten Island University Hospital data breach settlement?
You should have received a notification letter mailed around July 5, 2024. The letter confirms your data was among the 35,106 records compromised in the Medibase breach. You can also verify your eligibility at medibasesiuhdatabreachsettlement.com.
Can I claim both the cash payment and the medical monitoring?
The settlement typically requires you to choose between the cash options and the monitoring benefit. Read the claim form carefully, as the specific terms dictate which combinations are allowed. In most similar settlements, the monitoring and cash payment are alternatives.
What if I already have identity monitoring through another service?
You can still file a claim. If you paid for monitoring out of pocket specifically because of this breach, you may be able to claim those costs under the $1,000 reimbursement option. Having existing monitoring does not disqualify you from the flat $35 payment either.
The opt-out deadline has passed. Can I still sue individually?
No. The exclusion deadline was March 2, 2026. If you did not opt out by that date, you are bound by the settlement terms and cannot pursue a separate lawsuit over this breach. You can still file a claim for compensation through the settlement.
How long will it take to receive payment after I file?
The final fairness hearing is March 31, 2026. If the court approves the settlement and no appeals are filed, payments are typically distributed within three to nine months after approval. Delays can occur if there are objections or a high volume of claims to process.
What documentation do I need for the $1,000 reimbursement claim?
You need receipts, bank or credit card statements, invoices, or other records showing unreimbursed expenses directly caused by the breach. Examples include credit monitoring fees, costs of credit freezes, expenses from dealing with identity theft or fraud, and similar out-of-pocket costs incurred after the breach.
You Might Also Like
- Everything To Know About The American National Bank & Trust Data Incident Settlement Before You Submit A Claim
- Staten Island University Hospital Data Breach Settlement Deadline: What To Do Before The Posted Deadline
- Is The Staten Island University Hospital Data Breach Settlement Legit, And How Do You Check Eligibility