North Shore University Hospital Sleep Center Breach Affects 13,332 Patients

A significant healthcare data breach at North Shore University Hospital Sleep Disorders Center has exposed the protected health information of 13,332 patients. The incident, reported to the Department of Health and Human Services on May 23, 2025, involved unauthorized access and disclosure of sensitive patient data by a former employee.

What Happened

On May 22, 2025, North Shore University Hospital reported a privacy breach impacting patients of its Northwell Health Sleep Disorders Center located in Great Neck, New York. The breach was classified as "unauthorized access/disclosure" with the location listed as "other" in the HHS Office for Civil Rights breach report database.

According to the breach notice, the incident involved a former employee who gained unauthorized access to protected health information. Upon discovering the breach, North Shore University Hospital immediately took decisive action to prevent the former employee from returning to the premises.

The hospital demonstrated swift response by referring the matter to the District Attorney's Office and pledged full cooperation with both the investigation and any subsequent prosecution. This immediate escalation to law enforcement indicates the serious nature of the unauthorized access.

Who Is Affected

The breach impacted 13,332 individuals who received services at the North Shore University Hospital Sleep Disorders Center. Sleep disorder patients often have comprehensive medical records that may include:

• Personal identifying information
• Medical history and diagnoses
• Treatment plans and prescriptions
• Sleep study results and analysis
• Insurance information
• Contact details and emergency contacts

Patients who have visited the Northwell Health Sleep Disorders Center in Great Neck, New York should consider themselves potentially affected and take appropriate protective measures.

Breach Details

The breach is classified as an "unauthorized access/disclosure" incident, meaning that protected health information was improperly accessed and potentially shared without authorization. Key details include:

• Breach Type: Unauthorized Access/Disclosure
• Affected Individuals: 13,332 patients
• Entity: North Shore University Hospital Sleep Disorders Center
• Location: Great Neck, New York
• Discovery Date: May 22, 2025
• HHS Report Date: May 23, 2025
• Perpetrator: Former employee

The breach location is classified as "other," which typically indicates the incident didn't occur through traditional vectors like email, network servers, or portable devices, but rather through direct unauthorized access by an insider.

What This Means for Patients

As stated in the breach notice, North Shore University Hospital Sleep Disorders Center is required under federal law to maintain the privacy and security of protected health information. The unauthorized access or disclosure of this data exposes affected patients to several risks:

Identity Theft Risks

Patients' personal information, combined with medical details, creates a complete profile that identity thieves can exploit for various fraudulent activities, including opening credit accounts or obtaining medical services.

Medical Fraud Concerns

Unauthorized access to medical records can lead to medical identity theft, where criminals use patients' information to obtain medical care, prescription drugs, or file false insurance claims.

Privacy Loss

Sensitive medical information about sleep disorders and related health conditions may have been compromised, potentially causing embarrassment or discrimination if disclosed.

Financial Impact

Patients may face financial consequences from fraudulent activities conducted using their stolen information, requiring time and resources to resolve.

How to Protect Yourself

If you are a patient of North Shore University Hospital Sleep Disorders Center, take these immediate steps:

Monitor Your Accounts

• Review all medical and insurance statements for unfamiliar charges
• Check credit reports regularly for new accounts or inquiries
• Monitor bank and credit card statements for unauthorized transactions

Stay Vigilant

• Be suspicious of unexpected medical bills or insurance communications
• Watch for denial of claims for services you didn't receive
• Report any suspicious activity to your healthcare providers and insurers immediately

Protect Your Information

• Consider placing a fraud alert or credit freeze on your credit reports
• Keep detailed records of all communications related to the breach
• Save copies of medical records and insurance documents

Legal Considerations

While no class action lawsuits have been mentioned in available reports, affected patients should stay informed about potential legal remedies and compensation options that may become available.

Prevention Lessons for Healthcare Providers

This incident highlights critical security vulnerabilities that healthcare organizations must address:

Employee Access Management

• Implement robust access controls that immediately revoke permissions upon employee termination
• Regularly audit user access rights and remove unnecessary privileges
• Monitor employee access to patient records for unusual patterns

Insider Threat Prevention

• Conduct thorough background checks for employees with access to PHI
• Implement behavioral monitoring systems to detect suspicious access patterns
• Provide regular security training emphasizing the legal and ethical obligations of handling PHI

Incident Response Planning

• Develop clear procedures for responding to suspected breaches
• Establish relationships with law enforcement for rapid escalation when needed
• Create communication protocols for notifying patients and regulators promptly

Technical Safeguards

• Deploy audit logging systems that track all access to patient records
• Implement role-based access controls limiting data access to job functions
• Use encryption for stored and transmitted patient data

The North Shore University Hospital incident serves as a stark reminder that healthcare organizations must remain vigilant against both external threats and insider risks. With 13,332 patients affected, this breach demonstrates how quickly unauthorized access can impact thousands of individuals.

Healthcare providers must invest in comprehensive security programs that address technical safeguards, administrative controls, and physical security measures. Regular security assessments, employee training, and incident response planning are essential components of effective HIPAA compliance.

Protect your practice with AI-powered HIPAA compliance. Get started with HIPAA Agent.