The Staten Island University Hospital data breach settlement follows a specific timeline that affected individuals need to know: the opt-out and objection deadline was March 2, 2026, the claims submission deadline is March 16, 2026, and the final fairness hearing is scheduled for March 31, 2026 at 9:00 a.m. Payments will be distributed only after the court grants final approval at or following that hearing, and after any appeals have been resolved. If you received a notice about this settlement, understanding these dates is critical because missing them could mean forfeiting your right to compensation entirely. This settlement stems from a January 2024 cyberattack on The Medibase Group Inc., a healthcare solutions vendor that provided services to Staten Island University Hospital.
The breach exposed protected health information belonging to 35,106 individuals. The case, formally titled Belle De Santiago and Elena Girenko v. Staten Island University Hospital, Case No. 25CVE0998, was filed in the Superior Court of Cherokee County, Georgia.
Table of Contents
- What Is the Full Staten Island University Hospital Settlement Timeline From Notice to Final Payments?
- What Caused the Staten Island University Hospital Data Breach and Who Is Affected?
- What Compensation Options Are Available to Class Members?
- How to File a Claim Before the March 16 Deadline
- What Happens If You Object or Opt Out of the Settlement?
- What to Expect After the Final Fairness Hearing on March 31
- Broader Implications for Healthcare Vendor Data Breaches
- Frequently Asked Questions
What Is the Full Staten Island University Hospital Settlement Timeline From Notice to Final Payments?
The settlement timeline spans several months and includes distinct phases that class members should track carefully. After the settlement received preliminary approval, notice was sent to the 35,106 individuals whose data was compromised in the Medibase breach. Class members then had until March 2, 2026, to either opt out of the settlement or file objections. The claims submission deadline follows on March 16, 2026, giving class members a narrow two-week window after the exclusion deadline to submit their paperwork. The final fairness hearing is set for March 31, 2026, at 9:00 a.m., where the court will consider any objections and decide whether to grant final approval. To put this in practical terms, compare this timeline to other data breach settlements. Many healthcare breach cases allow 60 to 90 days for claims submission.
The SIUH settlement’s timeline is relatively compressed, which means procrastination could be costly. If you are a class member who has been sitting on your notice letter, the window to act is closing. The period between the claims deadline and the final hearing is just 15 days, which is a tight turnaround for the court to review all submissions. One detail worth noting: the payment phase is open-ended. Unlike the other deadlines, there is no fixed date for when checks will go out. Payments are contingent on the court granting final approval and on no appeals being filed. If someone objects and appeals the settlement, payment distribution could be delayed by months or even longer.
What Caused the Staten Island University Hospital Data Breach and Who Is Affected?
The breach did not originate from Staten Island University Hospital’s own systems. In January 2024, a targeted cyberattack hit the computer systems of The Medibase Group Inc., a healthcare solutions vendor that provided administrative and data services to SIUH. On approximately May 8, 2024, Medibase notified the hospital that an unauthorized third party had gained access to its systems. That four-month gap between the breach and the notification is notable and reflects a pattern seen across the healthcare industry, where vendors sometimes take weeks or months to discover and report intrusions. The breach exposed protected health information of 35,106 individuals.
While the settlement materials do not enumerate every category of compromised data in full public detail, healthcare breaches of this nature typically involve names, dates of birth, medical record numbers, treatment information, and insurance details. The legal claims against SIUH allege negligence, breach of implied contract, and unjust enrichment, arguing that the hospital failed to ensure its vendor implemented reasonable security measures to protect patient data. However, if you received care at Staten Island University Hospital but did not receive a settlement notice, you may not be part of the affected class. The breach was specific to data handled by Medibase, not the hospital’s entire patient population. If you are unsure whether you are included, the official settlement website at medibasesiuhdatabreachsettlement.com has tools to verify your eligibility.
What Compensation Options Are Available to Class Members?
Class members in the SIUH settlement have three forms of potential compensation, and understanding the tradeoffs between them matters. The first is two years of medical data monitoring services, which includes a $1 million identity theft insurance policy. This is a non-cash benefit but arguably the most valuable for anyone concerned about long-term misuse of their health information. Medical identity theft can result in fraudulent insurance claims, corrupted medical records, and bills for services you never received, problems that can take years to untangle. The second option is reimbursement for documented, unreimbursed out-of-pocket losses caused by the breach, up to $1,000 per class member. This requires receipts and documentation.
For example, if you paid for a credit monitoring service after receiving the breach notification, purchased identity theft protection, or spent time dealing with fraudulent charges that you can document with bank statements, those expenses could qualify. The key word is “documented.” Vague claims without paper trails will not survive the review process. The third option is a flat $35.00 cash payment. This requires no documentation of losses and is the simplest path to compensation. For many class members who did not suffer direct financial harm from the breach, this may be the most practical choice. While $35 is modest, it reflects the reality of class action mathematics: the settlement fund is divided among potentially tens of thousands of claimants.
How to File a Claim Before the March 16 Deadline
Filing a claim requires visiting the official settlement website at medibasesiuhdatabreachsettlement.com and completing the claim form before the March 16, 2026, deadline. The form will ask for identifying information to confirm your class membership, and your selection of which benefits you are claiming. If you are seeking reimbursement for out-of-pocket losses, you will need to upload or mail supporting documentation such as receipts, bank statements, or invoices for identity protection services. The tradeoff between the $35 flat payment and the up-to-$1,000 reimbursement is straightforward but worth thinking through. If your documented losses exceed $35, file for reimbursement.
If you cannot produce documentation or your losses are minimal, take the flat payment. You cannot claim both the cash reimbursement and the flat payment, so choose the option that reflects your actual situation. Either way, you can also enroll in the two years of medical data monitoring, which is available to all class members regardless of which cash option they select. One practical tip: do not wait until March 16 to file. Settlement websites occasionally experience technical difficulties near deadlines when traffic spikes. Filing a week early eliminates that risk and gives you time to gather any missing documentation if the form requires it.
What Happens If You Object or Opt Out of the Settlement?
The deadline to object to or opt out of the SIUH settlement was March 2, 2026. These are two very different actions that class members sometimes confuse. Opting out, also called requesting exclusion, means you remove yourself from the settlement entirely. You receive no benefits, but you preserve your right to file your own individual lawsuit against the defendants. Objecting means you stay in the settlement class but formally tell the court why you believe the terms are unfair, inadequate, or unreasonable. Objections will be considered at the final fairness hearing on March 31, 2026. The judge will review any objections filed and determine whether the settlement is fair, reasonable, and adequate for the class as a whole.
It is worth noting that SIUH denies all claims of wrongdoing, fault, and liability. This is standard language in class action settlements, but it underscores a limitation: if the case went to trial, the plaintiffs would bear the burden of proving negligence, breach of implied contract, and unjust enrichment. Settlement avoids that risk for both sides. A warning for anyone who opted out: you are now on your own. Filing an individual lawsuit requires hiring an attorney, bearing litigation costs, and proving your case independently. For most individuals whose losses fall under $1,000, the economics of individual litigation rarely make sense. The settlement, while imperfect, offers potential compensation without that burden.
What to Expect After the Final Fairness Hearing on March 31
The final fairness hearing on March 31, 2026, at 9:00 a.m. is the last major milestone before payments can be issued. At this hearing, the judge in the Superior Court of Cherokee County, Georgia, will hear from the parties, consider any objections, and decide whether to grant final approval of the settlement. If approved without complications, the settlement administrator will begin processing payments.
However, the timeline for actually receiving a check depends on whether any appeals are filed. In many class action cases, objectors who lose at the fairness hearing can appeal the decision to a higher court. This can delay payment distribution by six months to a year or more. If no appeals are filed, class members can typically expect payments within two to four months after final approval, though this varies by case. The settlement website at medibasesiuhdatabreachsettlement.com will post updates on the payment timeline once the hearing concludes.
Broader Implications for Healthcare Vendor Data Breaches
The SIUH settlement highlights a growing vulnerability in healthcare data security: third-party vendors. The breach did not happen inside the hospital. It happened at Medibase, a vendor that handled patient data on SIUH’s behalf. This vendor-based attack vector has become one of the most common pathways for healthcare data breaches nationally.
Hospitals and health systems increasingly rely on outside companies for billing, records management, and administrative services, and each of those relationships creates a potential point of failure. For patients, the takeaway is that your data can be compromised even if your direct healthcare provider has strong security practices. Going forward, individuals affected by this breach should remain vigilant beyond the two-year monitoring period offered by the settlement. Freezing your credit, monitoring your explanation of benefits statements for unfamiliar medical claims, and reviewing your medical records annually for inaccuracies are all steps that cost nothing and can catch identity theft early.
Frequently Asked Questions
How do I know if I am part of the Staten Island University Hospital data breach settlement?
You should have received a notice by mail or email. If you are unsure, visit medibasesiuhdatabreachsettlement.com and use the lookup tool to check your eligibility. The settlement covers 35,106 individuals whose protected health information was exposed in the January 2024 Medibase cyberattack.
Can I file a claim and still object to the settlement?
Yes. Filing a claim and filing an objection are not mutually exclusive. You can submit a claim to preserve your right to compensation while also objecting to the settlement terms at the March 31, 2026 fairness hearing. However, the objection deadline was March 2, 2026.
What is the difference between opting out and objecting?
Opting out removes you from the settlement entirely, meaning you get no benefits but retain the right to sue individually. Objecting means you stay in the class and tell the court why you think the settlement terms should be changed. The exclusion and objection deadline was March 2, 2026.
When will I receive my payment?
Payments will be distributed after the court grants final approval at or following the March 31, 2026 hearing, and after any appeal period has passed. If no one appeals, payments typically arrive within two to four months of final approval. Appeals can delay payments significantly.
Do I need a lawyer to file a claim?
No. The claims process is designed for individuals to complete on their own through the official settlement website. You do not need to hire an attorney or pay any fees to submit a claim.
What documentation do I need to claim out-of-pocket losses?
You need receipts, invoices, bank statements, or other records showing expenses you incurred because of the data breach that were not reimbursed by other sources. Examples include credit monitoring services you purchased, costs related to freezing or unfreezing credit, and time spent dealing with fraud. The maximum reimbursement is $1,000.
You Might Also Like
- Shimano Settlement Timeline: Notice, Objections, Final Hearing, And Payments
- Hyundai And Kia Settlement Timeline: Notice, Objections, Final Hearing, And Payments
- DoorDash Settlement Timeline: Notice, Objections, Final Hearing, And Payments