St. John’s Riverside Hospital: St. John’s Riverside Hospital Data Breach Affects 2,238

St. John’s Riverside Hospital Data Breach Exposes PII and PHI of Over 2,200 Individuals

St. John’s Riverside Hospital, a community-based healthcare provider in Yonkers, New York, disclosed a data breach affecting at least 2,238 individuals across the U.S. The incident, reported to the U.S. Department of Health and Human Services on November 14, 2025, stemmed from unauthorized access to a limited number of employee email accounts.

The breach was detected in September 2025 after the hospital identified suspicious activity, including phishing emails and an attempt to reroute payment funds. The compromised accounts contained sensitive data, including personally identifiable information (PII)—such as names, dates of birth, Social Security numbers, driver’s license details, and financial account numbers—as well as protected health information (PHI), including health insurance details, medical conditions, treatment records, and diagnosis information.

In response, St. John’s Riverside Hospital took immediate action to secure its systems, including resetting passwords, revoking session tokens, and implementing multifactor authentication. The hospital also engaged cybersecurity professionals to investigate the incident, contain the unauthorized access, and identify affected individuals. The breach has since been remediated.

Source: https://www.claimdepot.com/data-breach/st-johns-riverside-hospital-2025

St. John's Riverside Hospital cybersecurity rating report: https://www.rankiteo.com/company/st.-john's-riverside-hospital

"id": "ST.1767031285",
"linkid": "st.-john's-riverside-hospital",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '2238',
                        'industry': 'Healthcare',
                        'location': 'Yonkers, New York, USA',
                        'name': 'St. John’s Riverside Hospital',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Phishing',
 'customer_advisories': 'If you believe your personal information may have '
                        'been compromised in this breach, please take '
                        'appropriate steps to protect your information.',
 'data_breach': {'number_of_records_exposed': '2238',
                 'personally_identifiable_information': ['Name',
                                                         'Date of birth',
                                                         'Social Security '
                                                         'number',
                                                         'Driver’s license or '
                                                         'state identification '
                                                         'number',
                                                         'Financial account '
                                                         'number',
                                                         'Health insurance '
                                                         'details',
                                                         'Medical condition '
                                                         'information',
                                                         'Treatment provider '
                                                         'name',
                                                         'Medical record '
                                                         'number',
                                                         'Treatment cost '
                                                         'information',
                                                         'Diagnosis or '
                                                         'treatment '
                                                         'information'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2025-09',
 'date_publicly_disclosed': '2025-11-14',
 'description': 'St. John’s Riverside Hospital experienced a data breach that '
                'potentially exposed personally identifiable information (PII) '
                'and protected health information (PHI) of at least 2,238 '
                'individuals across the U.S. The breach originated from '
                'unauthorized access to a limited number of employee email '
                'accounts.',
 'impact': {'data_compromised': 'PII and PHI',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High',
            'systems_affected': 'Employee email accounts'},
 'initial_access_broker': {'entry_point': 'Employee email accounts'},
 'investigation_status': 'Completed',
 'post_incident_analysis': {'corrective_actions': ['Password changes',
                                                   'Session token revocation',
                                                   'Multifactor authentication '
                                                   'reset',
                                                   'Engagement of data '
                                                   'security and privacy '
                                                   'professionals'],
                            'root_causes': 'Phishing emails and unauthorized '
                                           'access to employee email accounts'},
 'references': [{'date_accessed': '2025-11-14',
                 'source': 'U.S. Department of Health and Human Services'},
                {'source': 'Official notice to consumers'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': ['U.S. Department of '
                                                        'Health and Human '
                                                        'Services']},
 'response': {'communication_strategy': 'Official notice to consumers',
              'containment_measures': ['Password changes',
                                       'Session token revocation',
                                       'Multifactor authentication reset'],
              'incident_response_plan_activated': 'Yes',
              'remediation_measures': 'Unauthorized activity contained and '
                                      'remediated',
              'third_party_assistance': 'Data security and privacy '
                                        'professionals'},
 'title': 'St. John’s Riverside Hospital Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Employee email accounts'}