To file a claim in the Staten Island University Hospital data breach settlement, visit the official settlement website at medibasesiuhdatabreachsettlement.com and submit your claim form before the March 16, 2026 deadline. If you were one of the 35,106 individuals whose personal and medical information was compromised during a January 2024 cyberattack on Medibase Group Inc., a vendor that handled data for Staten Island University Hospital, you may be entitled to a flat cash payment of $35.00, reimbursement of up to $1,000 in out-of-pocket expenses, or two years of medical data monitoring with a $1 million identity theft insurance policy. The breach exposed deeply sensitive information, including Social Security numbers, dates of birth, health insurance details, and hospital admission records. The case, formally titled *Belle De Santiago and Elena Girenko v.
Staten Island University Hospital* (Case No. 25CVE0998), was filed in the Superior Court of Cherokee County, Georgia. For someone who discovered fraudulent charges on a credit card months after receiving a breach notification letter, this settlement offers a concrete path to compensation. This article walks through exactly how to file your claim, what benefits are available, the key deadlines you cannot miss, and what to watch out for during the process.
Table of Contents
- What Do You Need To File A Claim In The Staten Island University Hospital Data Breach Settlement?
- What Benefits Are Available And Which Option Should You Choose?
- How Did The Staten Island University Hospital Data Breach Happen?
- Key Deadlines You Must Meet To Protect Your Rights
- Common Mistakes That Could Get Your Claim Denied
- Why This Settlement Involves A Georgia Court And A New York Hospital
- What Happens After The Settlement Is Finalized
- Frequently Asked Questions
What Do You Need To File A Claim In The Staten Island University Hospital Data Breach Settlement?
Filing a claim requires you to visit medibasesiuhdatabreachsettlement.com and complete the online claim form. You will need the unique notice ID or reference number from the notification letter you received about the breach. If you have lost that letter, the settlement website typically provides instructions for looking up your eligibility using your name and other identifying information. Have your personal details on hand — your full name, mailing address, email address, and the last four digits of your Social Security number are standard fields on most data breach claim forms.
If you are filing for reimbursement of out-of-pocket expenses rather than the flat $35.00 payment, you will also need documentation. This means receipts, bank statements, or invoices showing costs you incurred as a direct result of the breach. Examples include fees for credit monitoring services you purchased on your own, charges related to fraud on your accounts, costs for placing or lifting credit freezes, or time spent dealing with identity theft. The settlement allows reimbursement of up to $1,000 per class member for these documented expenses. By comparison, the flat $35.00 payment requires no documentation at all — you simply select that option and submit the form.
What Benefits Are Available And Which Option Should You Choose?
The settlement offers three distinct benefits. First, every class member can enroll in two years of medical data monitoring services, which comes bundled with a $1 million identity theft insurance policy. This monitoring is specifically designed for healthcare-related breaches, which matters because medical identity theft is harder to detect and more damaging than standard financial fraud. Second, you can claim reimbursement for documented out-of-pocket expenses up to $1,000. Third, you can opt for a flat cash payment of $35.00 instead of the expense reimbursement.
However, if you have already spent money dealing with the fallout of this breach — paying for credit monitoring, dealing with fraudulent medical bills, or spending hours on the phone with insurers — the expense reimbursement route will almost certainly pay more than the $35.00 flat payment. The tradeoff is that the reimbursement requires proof. You need actual receipts or statements, and the expenses must be directly tied to the breach. If you cannot document your losses, or if you simply did not incur any, the flat $35.00 is the practical choice. One important note: the medical data monitoring benefit is available to all class members regardless of which cash option you select, so you do not have to choose between monitoring and money.
How Did The Staten Island University Hospital Data Breach Happen?
The breach did not originate at Staten Island University Hospital itself. In January 2024, a targeted cyberattack compromised the computer systems of The Medibase Group Inc., a healthcare solutions vendor that provided services to SIUH. Medibase handled protected health information on behalf of the hospital, which is a common arrangement in the healthcare industry.
It was not until May 8, 2024 — roughly four months later — that Medibase notified Staten Island University Hospital that an unauthorized third party had accessed its systems. During that window, the attacker had access to records containing full names, dates of birth, Social Security numbers, hospital admit and discharge dates, outstanding balances, and health insurance information. Consider what that combination of data means in practice: someone with your SSN, date of birth, and health insurance details could potentially open medical accounts in your name, file fraudulent insurance claims, or use your identity to obtain prescription drugs. This is why the settlement includes medical data monitoring specifically — standard credit monitoring would not catch someone using your health insurance information at a clinic across the country.
Key Deadlines You Must Meet To Protect Your Rights
Three dates matter in this settlement, and missing them has real consequences. The first deadline — March 2, 2026 — was the cutoff for opting out or requesting exclusion from the settlement. If that date has passed, you are part of the class unless you already submitted an exclusion request. The second and most critical deadline for claimants is March 16, 2026, which is the last day to submit your claim. Claims filed after that date will be rejected regardless of your eligibility.
The third date is March 31, 2026, when the final fairness hearing is scheduled. At this hearing, the court will decide whether to grant final approval to the settlement terms. If the court approves, payments will be processed after that date, though the exact timeline for receiving your check or direct deposit depends on how many claims are filed and whether any objections are raised. If you file your claim before March 16 and the court approves the settlement on March 31, you have done everything required on your end. Compared to some data breach settlements that drag on for years, this timeline is relatively compressed, which generally means faster payouts for class members.
Common Mistakes That Could Get Your Claim Denied
The most frequent reason claims get denied in data breach settlements is incomplete documentation for expense reimbursement. If you are claiming out-of-pocket costs, make sure every expense has a corresponding receipt, statement, or record. Vague descriptions like “I spent time dealing with fraud” without specific documentation will not satisfy the claims administrator. If you spent ten hours on the phone with your bank, check whether your state allows compensation for time spent — and if so, document those hours with dates, call durations, and what you were resolving. Another common pitfall is filing a claim when you are not actually a class member.
This settlement covers 35,106 specific individuals whose data was held by Medibase in connection with Staten Island University Hospital. If you were a patient at SIUH but your data was not processed through Medibase’s systems, you may not be part of this class. The notification letter is your clearest indicator of eligibility. Filing a fraudulent or ineligible claim can delay the process for legitimate class members and may expose you to legal consequences. If you are unsure whether you qualify, check the settlement website or contact the claims administrator listed there before submitting.
Why This Settlement Involves A Georgia Court And A New York Hospital
One detail that confuses many class members is the jurisdiction. Staten Island University Hospital is in New York, but the case — *Belle De Santiago and Elena Girenko v. Staten Island University Hospital*, Case No. 25CVE0998 — was filed in the Superior Court of Cherokee County, Georgia.
This likely reflects where the named plaintiffs reside or where Medibase Group Inc. has its operations. It does not affect your eligibility or your ability to file a claim. Class action settlements routinely involve courts in states different from where the defendant operates, and your rights as a class member are the same regardless of where you live.
What Happens After The Settlement Is Finalized
Once the court grants final approval at the March 31, 2026 hearing, the claims administrator will begin processing payments. Historically, data breach settlements take anywhere from a few weeks to several months after final approval to distribute funds, depending on the volume of claims and whether appeals are filed. If no objections or appeals complicate the process, class members who filed valid claims should expect their payments within a few months of the hearing.
Beyond this settlement, the breach serves as a reminder of the risks inherent in third-party vendor relationships in healthcare. Patients have no control over which vendors handle their data, and breaches at those vendors can expose information just as sensitive as what the hospital itself holds. If you receive a monitoring enrollment as part of this settlement, use it — and pay attention to any alerts it generates, especially regarding medical accounts or insurance claims you do not recognize.
Frequently Asked Questions
How do I know if I am part of the Staten Island University Hospital data breach settlement?
You should have received a notification letter or email informing you that your data was compromised. The settlement covers 35,106 individuals whose protected health information was held by Medibase Group Inc. in connection with SIUH. If you did not receive a notice but believe you are affected, check the settlement website at medibasesiuhdatabreachsettlement.com.
Can I receive both the cash payment and the medical data monitoring?
Yes. The two-year medical data monitoring with $1 million identity theft insurance is available to all class members. You can enroll in monitoring and also receive either the $35.00 flat payment or up to $1,000 in expense reimbursement.
What qualifies as an out-of-pocket expense for reimbursement?
Expenses must be documented and directly caused by the data breach. Examples include costs for credit monitoring services you purchased, bank fees related to fraud, expenses for credit freezes, postage for mailing fraud disputes, and similar costs. You will need receipts or statements as proof.
What is the deadline to file a claim?
The deadline to submit a claim is March 16, 2026. Claims submitted after this date will not be accepted.
When will I receive my payment?
Payments will be distributed after the court grants final approval at the fairness hearing scheduled for March 31, 2026. Assuming no appeals or complications, payments are typically issued within a few months of final approval.
Why was this case filed in Georgia if the hospital is in New York?
The case was filed in the Superior Court of Cherokee County, Georgia, likely based on where the named plaintiffs reside or where Medibase Group Inc. has relevant operations. Your eligibility and benefits are not affected by the court’s location.
You Might Also Like
- Staten Island University Hospital Proposed Settlement Data Breach Settlement: Who Qualifies
- How To File A Claim In The Shimano Defective Crankset Settlement
- How To File A Claim In The Hyundai And Kia Defective Airbag Control Units Settlement