Strauss Borrelli PLLC, a leading data breach law firm, is investigating St. John’s Riverside Hospital (“St. John’s”) regarding its recent data breach. The St. John’s data breach involved sensitive personal information and protected health information belonging to over 2,200 individuals.
ABOUT ST. JOHN’S RIVERSIDE HOSPITAL:
St. John’s is a healthcare network and hospital based in New York. Founded in 1869, St. John’s provides a range of healthcare services to patients, including services for behavioral health, oncology, cardiology, emergency care, maternity care, surgical services, and more.2,3 Additionally, St. John’s offers other programs and medical care services, including telehealth appointments, care transitions, HIV prevention, occupational medicine, etc.2 Headquartered in Yonkers, New York, St. John’s employs over 1,000 individuals.3
WHAT HAPPENED?
Recently, St. John’s announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice shared on its website, in September 2025, St. John’s became aware of potential unauthorized access to a limited number of employee email accounts for the purpose of distributing a phishing email and rerouting payment funds.1 As a result, St. John’s launched an investigation to determine the nature of the incident.
Through its investigation, St. John’s confirmed that sensitive personal information and protected health information in the emails may have been accessed by an unauthorized third party during the breach. As a result, St. John’s began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Driver’s license or state identification number
- Financial account number
- Health insurance information
- Medical condition information
- Treatment provider name
- Medical record number
- Treatment cost information
- Diagnosis and/or treatment information
As a result of the breach, St. John’s posted notice of the breach on its website. Additionally, on November 14, 2025, St. John’s filed official notice of the data breach with the U.S. Department of Health and Human Services’ Office for Civil Rights.4 Based on the website breach notice, St. John’s is providing affected individuals with complimentary credit monitoring services. A link to the website breach notice is below.
If you believe you have been affected by the St. John’s Riverside Hospital breach:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
