Strauss Borrelli PLLC, a leading data breach law firm, is investigating Endo Group, LLC, which does business as Northwell Health, Garden City SurgiCenter and Syosset SurgriCenter (“Northwell Health”), regarding its recent data breach. The Northwell Health data breach may have involved sensitive personal information and protected health information belonging to over 4,400 individuals.
ABOUT ENDO GROUP, LLC D/B/A NORTHWELL HEALTH, GARDEN CITY SURGICENTER, SYOSSET SURGICENTER:
Northwell Health is a healthcare provider with over 20 hospitals in New York. As a network of hospitals and health care facilities, Northwell Health offers a wide range of services, including cancer care, dental medicine, primary care, surgery, and hospice care. Founded in 1997, Northwell Health has grown into the largest healthcare provider in New York with over 800 outpatient facilities.2 Now a part of Northwell Health, Garden City SurgiCenter and Syosset SurgiCenter are both freestanding, outpatient ambulatory surgery centers offering patients comprehensive surgical care and specialty programs.4,5 Headquartered in Lake Success, New York, Northwell Health employs approximately 85,000 individuals with over 18,500 nurses and 4,500 physicians.3
WHAT HAPPENED?
Recently, Northwell Health announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its systems may have been accessed and acquired. According to the breach notice, on October 1, 2024, Northwell Health learned that an unauthorized third party had accessed two Endo Group email accounts.1 As a result, Northwell Health launched an investigation to determine the nature of the incident.
Through its investigation, on December 31, 2024, Northwell Health confirmed that sensitive personal information in its systems related to certain of its patients and employees may have been viewed and taken by an unauthorized third party between April 15, 2024, and July 18, 2024.1 As a result, Northwell Health began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Contact information
- Driver’s license or other ID number
- Credit card or financial account information
- Medical information (e.g., name of treatment facility, name of healthcare providers, medical diagnosis and treatment information, medical record number, dates and times of service)
- Health insurance and payment information
As a result of the breach, Northwell Health posted a notice of the incident on its website. Additionally, Northwell Health plans to send breach notification letters to impacted individuals. Based on the website breach notice, Northwell Health is providing affected individuals with a list of the specific types of sensitive information impacted and 12 months of complementary identity restoration services. A link to the form breach notification that Northwell Health posted to its website is below.
If you received a breach notification letter from Endo Group, LLC d/b/a Northwell Health, Garden City SurgiCenter, Syosset SurgiCenter:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
