If you were a patient whose records were handled by Staten Island University Hospital and The Medibase Group, you may qualify for a cash payment and free identity protection under a proposed class action settlement. The settlement in *Santiago et al. v.
Staten Island University Hospital* covers approximately 35,106 individuals whose protected health information was exposed during a January 2024 data breach involving Medibase Group Inc., a third-party vendor that provided healthcare solutions and business office services to SIUH. Qualifying class members can receive a flat $35.00 cash payment, up to $1,000 for documented out-of-pocket losses, and two years of medical data monitoring with a $1 million identity theft insurance policy. Whether you received a notice in the mail or are just now learning about this breach, the information below will help you understand your options.
Table of Contents
- Who Qualifies for the Staten Island University Hospital Data Breach Settlement?
- What Data Was Exposed and How Did the Breach Happen?
- Settlement Benefits and Compensation Amounts
- How to File Your Claim Before the Deadline
- Opting Out vs. Staying In — What You Need to Know
- Why Vendor Breaches Like This One Are Increasingly Common
- What Happens After the Final Fairness Hearing
- Frequently Asked Questions
Who Qualifies for the Staten Island University Hospital Data Breach Settlement?
You qualify as a settlement Class Member if your personal or medical data was compromised in the data breach that occurred through The Medibase Group Inc. in January 2024. Medibase served as a business associate of Staten Island University Hospital, meaning it had access to patient records as part of its role providing technical assistance and business office solutions. When an unauthorized third party accessed Medibase’s systems, the protected health information of tens of thousands of SIUH patients was exposed. The most straightforward way to know if you qualify is whether you received a notice from the Settlement Administrator.
If SIUH’s records indicate your data was among the 35,106 affected individuals, you should have received a mailing explaining your rights and how to participate. For example, if you visited Staten Island University Hospital and your billing or medical records were processed through Medibase’s systems during the relevant period, your information may have been part of the breach. Unlike some settlements that require proof of actual harm, this one provides a flat cash payment to all eligible class members regardless of whether they experienced identity theft. If you did not receive a notice but believe your data was compromised, you can visit the official settlement website at medibasesiuhdatabreachsettlement.com to check your eligibility or contact the Settlement Administrator directly. Do not assume you are excluded simply because a letter did not arrive — mail gets lost, and addresses change.
What Data Was Exposed and How Did the Breach Happen?
In January 2024, an unauthorized third party gained access to systems belonging to The Medibase Group Inc. Medibase did not notify Staten Island University Hospital of the breach until approximately May 8, 2024 — a gap of roughly four months between the intrusion and the hospital being informed. That delay is significant because it means affected individuals went months without knowing their protected health information had been compromised, limiting their ability to take early protective action. The breach exposed protected health information, which under HIPAA can include names, dates of birth, Social Security numbers, medical record numbers, treatment information, health insurance details, and billing data.
The exact categories of information compromised may vary by individual. This is worth noting because not every class member had the same type of data exposed — one person might have had their Social Security number accessed while another had only billing information compromised. However, if your relationship with SIUH was entirely outside the scope of Medibase’s services, you likely would not be affected. For instance, if you visited a different Northwell Health facility that did not use Medibase for its business office operations, your records would not have been part of this particular breach. The settlement is specifically tied to the Medibase-SIUH relationship, not to Northwell Health’s broader network.
Settlement Benefits and Compensation Amounts
The settlement offers three distinct categories of benefits. First, every qualifying class member who submits a valid claim is entitled to a flat cash payment of $35.00. This requires no documentation of harm — it is simply compensation for the inconvenience and risk created by the breach. For a settlement involving just over 35,000 class members, this base payment alone represents a meaningful distribution of funds. Second, class members who experienced actual financial harm as a result of the breach can claim up to $1,000 in documented, unreimbursed out-of-pocket losses.
This could cover expenses like costs for credit monitoring services you purchased on your own after learning of the breach, fees for placing or lifting credit freezes, charges related to fraudulent transactions that were not reimbursed by your bank, or time spent dealing with identity theft at a reasonable hourly rate. For example, if you discovered unauthorized medical claims filed using your insurance information and spent hours on the phone sorting it out, those hours and any associated costs could be compensable. Third, all class members receive two years of medical data monitoring services, which include a $1 million identity theft insurance policy. Medical data monitoring is particularly relevant here because the breach involved health information, not just financial data. Standard credit monitoring would not catch someone using your medical identity to obtain prescriptions or file insurance claims, so this specialized monitoring provides protection tailored to the type of data that was exposed.
How to File Your Claim Before the Deadline
Claims must be submitted by March 16, 2026, through the official settlement website at medibasesiuhdatabreachsettlement.com. Filing online is the fastest and most reliable method, as it creates an immediate record of your submission. You will need to provide identifying information to verify your class membership and, if claiming out-of-pocket losses, upload or describe supporting documentation. If you are only claiming the $35.00 flat payment, the process is relatively simple — confirm your identity and submit. If you are also seeking reimbursement for out-of-pocket losses up to $1,000, gather your documentation before you start.
Bank statements showing fraudulent charges, receipts for credit monitoring services, and any correspondence with creditors or healthcare providers about fraudulent activity will strengthen your claim. The tradeoff is straightforward: filing for just the flat payment is quick and guaranteed, while pursuing additional compensation requires more effort but could result in significantly more money if you have legitimate documented losses. One practical note — do not wait until the last day. Settlement websites can experience heavy traffic near deadlines, and technical issues on March 16 could mean you miss your window. Filing a week or two early costs you nothing and eliminates that risk.
Opting Out vs. Staying In — What You Need to Know
The deadline to opt out of the settlement was March 2, 2026. If you did not submit an exclusion request by that date, you are bound by the settlement’s terms assuming the court grants final approval. This means you cannot later file your own individual lawsuit against Staten Island University Hospital or The Medibase Group over this specific data breach. For most class members, the settlement benefits will exceed what they could realistically recover through individual litigation, but it is important to understand what you are giving up.
If you did opt out before the deadline, you retain the right to pursue your own legal claims, but you will not receive any of the settlement benefits — no $35 payment, no reimbursement for losses, and no medical data monitoring. This is a meaningful tradeoff that generally only makes sense for individuals who suffered severe, well-documented harm that far exceeds the $1,000 cap available through the settlement. A final fairness hearing is scheduled for March 31, 2026, where the court will decide whether to grant final approval of the settlement. If you have objections to the settlement terms but did not opt out, you may have had the opportunity to file an objection before the court. However, with the opt-out deadline already passed, most class members at this point should focus on filing their claims rather than contesting the settlement structure.
Why Vendor Breaches Like This One Are Increasingly Common
The Staten Island University Hospital breach is a textbook example of third-party vendor risk in healthcare. SIUH itself was not directly breached — the intrusion occurred at The Medibase Group, a business associate that handled patient data on SIUH’s behalf. Under HIPAA, covered entities like hospitals are required to have Business Associate Agreements with vendors that access protected health information, but those agreements cannot prevent breaches from happening. They can only establish accountability after the fact.
This matters for consumers because you may not even know which vendors have access to your medical data. A patient at Staten Island University Hospital would have no reason to know that a company called Medibase Group was processing their records. Yet when Medibase’s systems were compromised, it was the patients’ information that was exposed. This is an inherent limitation of how healthcare data flows through the system, and it is why settlements like this one exist — to provide a remedy when the chain of custody over your data breaks down.
What Happens After the Final Fairness Hearing
The final fairness hearing on March 31, 2026 will determine whether the court approves the settlement as fair, reasonable, and adequate. If approved, the Settlement Administrator will begin processing claims and distributing payments.
The timeline for receiving your check or direct deposit after approval can vary — most data breach settlements take several weeks to a few months after final approval before funds are distributed, depending on the volume of claims and any remaining administrative steps. If you have already filed your claim, there is nothing more you need to do except wait for the court’s decision and subsequent distribution. Keep your contact information current with the Settlement Administrator so that your payment reaches you without delay.
Frequently Asked Questions
How do I know if I am part of the Staten Island University Hospital data breach settlement?
If you received a notice from the Settlement Administrator, you are a confirmed class member. If you did not receive a notice but believe your data was handled by The Medibase Group through SIUH, visit medibasesiuhdatabreachsettlement.com to check your eligibility.
How much money can I get from this settlement?
Every qualifying class member who files a claim receives a flat $35.00 payment. If you have documented out-of-pocket expenses caused by the breach, you can claim up to an additional $1,000 in reimbursement.
What is the deadline to file a claim?
The claim filing deadline is March 16, 2026. Claims can be submitted through the official settlement website at medibasesiuhdatabreachsettlement.com.
What does the medical data monitoring include?
The settlement provides two years of medical data monitoring services along with a $1 million identity theft insurance policy. This monitoring is designed to detect misuse of your health information, not just your financial data.
Can I still sue Staten Island University Hospital on my own?
Only if you submitted an exclusion request by March 2, 2026. If you did not opt out by that deadline, you are bound by the settlement and cannot file a separate lawsuit over this breach.
When will I receive my payment?
Payments will be distributed after the court grants final approval at the fairness hearing scheduled for March 31, 2026. Distribution typically takes several weeks to a few months after approval.
You Might Also Like
- Shimano Settlement Defective Crankset Settlement: Who Qualifies
- DoorDash NYAG Settlement Unpaid Tips Settlement: Who Qualifies
- Hyundai And Kia $62.1 Million Defective Airbag Control Units Settlement: Who Qualifies