Community Health Action of Staten Island (CHASI) Data Breach Legal Investigation: Highly Sensitive Patient and Employee Data Exposed

By Logan Lowe
Attorney

Woods Lonergan PLLC is a nationally recognized complex commercial and civil litigation firm that represents clients in select data breach class actions nationwide. Our data breach lawyers are currently investigating a significant data breach involving Community Health Action of Staten Island (CHASI) and its parent organization, Sun River Health.

Our Data Breach Lawyers have a proven record of holding national corporations, technology vendors, healthcare facilities, and educational institutions accountable when failures in cybersecurity expose the sensitive personal and financial information of individuals, workers, and partners.


If you’ve been affected by the Community Health Action of Staten Island (CHASI) data breach, you may be entitled to compensation. Contact Us for a free and confidential consultation. Woods Lonergan’s expert data breach lawyers are skilled at securing the affected parties the justice they deserve.

Call us 24/7 at (332) 378-0376 – we take no fees unless you win.


Community Health Action of Staten Island, a prominent operator of health programs and social services for individuals and communities in New York, has reportedly confirmed a cybersecurity incident that allegedly affected approximately 200,000 patients. This reported ransomware attack has potentially exposed the sensitive personal, financial, and medical data—including Social Security numbers and HIV testing records—of hundreds of thousands of individuals, including patients, current and former employees, as well as corporate staff.

Who Is Impacted by the CHASI Data Breach and What Personal Data Was Stolen?

The “blast radius” of this breach is distinctly severe because it targets both vulnerable individuals seeking medical and social assistance and the workforce providing those vital services.

Patients & Social Service Clients: Individuals who utilized CHASI’s programs, social services, and medical care are at extreme risk. Alarmingly, the Genesis ransomware group claims to have specifically stolen an HIV-tested patient database containing approximately 60,000 records. The records allegedly exposed for patients include:

  • Full names
  • Social Security numbers (SSNs)
  • Driver’s license numbers / non-driver identification card numbers
  • Bank account and routing numbers
  • General medical information and treatment records
  • Health insurance information
  • HIPAA-covered data

Employees & Staff: Current and former employees of CHASI and its parent organization, Sun River Health, also had their internal employment files compromised. The records allegedly exposed for staff include:

  • Full names
  • Social Security numbers (SSNs)
  • Driver’s licenses / non-driver identification card numbers
  • Bank account and routing numbers (used for payroll processing)
  • Internal employee HR files and tax data


The CHASI Data Breach: Populations Targeted by Ransomware

On February 25, 2026, official filings with the Massachusetts Attorney General revealed that CHASI fell victim to a sophisticated cyberattack resulting in the unauthorized access and theft of sensitive data.

While the official notice provided limited details regarding the nature of the intrusion, cybersecurity monitors report that this was a ransomware attack executed by the Genesis ransomware group. Genesis subsequently added CHASI to its dark web data leak site, claiming to have successfully exfiltrated approximately 200,000 records. This staggering breach leaves thousands of patients and dedicated healthcare workers highly vulnerable to identity theft, medical fraud, and extortion.

CHASI Data Breach FAQs

Who is Community Health Action of Staten Island (CHASI)?
CHASI is a New York-based organization that operates social services, medical care programs, and support systems for vulnerable individuals in Staten Island. They are part of the larger Sun River Health network.

How do I know if my data was stolen?
If you were a patient, client, or employee of CHASI, you should be on the lookout for an email or physical letter in the mail titled “Notice of Data Breach.” You can also contact our firm to help verify if your information was compromised in the attack. Affected individuals are reportedly being offered two years of complimentary credit monitoring.

Why is a medical data leak so dangerous?
While a stolen credit card can be canceled, medical records and Social Security numbers are permanent identifiers. Hackers use this combination of Protected Health Information (PHI) and financial data to commit long-term medical identity theft, file false insurance claims, and in cases involving highly sensitive diagnoses, attempt extortion.

How do I join the CHASI data breach class action?
If you received a notification letter or are a current/former patient or employee concerned about your sensitive data, you may be eligible to join a class action lawsuit. Contact our data breach lawyers for a free case evaluation.

What can a CHASI data breach lawyer do for me?
Our legal team investigates whether CHASI and Sun River Health failed to implement reasonable, industry-standard cybersecurity measures to protect your most sensitive data. We work to recover damages for the heightened risk of identity theft, the out-of-pocket costs of securing your identity, and the loss of your private medical information.

About Woods Lonergan PLLC

Woods Lonergan PLLC is a nationally recognized plaintiff firm specializing in complex civil litigation, including class action, data privacy, and cybersecurity matters. We have a proven track record of successfully holding corporations accountable for data breaches and protecting the rights of consumers and businesses.

Our firm is currently representing plaintiffs in open litigation for numerous significant data breaches in 2025, including cases involving PowerSchool, Ahold Delhaize, Aflac Insurance, Allianz Insurance, Johnson Controls, Community Health Center, Columbia University, DISA Global Solutions, and New Haven Health.

Notably, in 2025, Woods Lonergan settled the 23andMe Data Breach Lawsuit for $30 million in the Northern District of California, reached an $18 million settlement in the Yale New Haven Health data breach, and secured a multi-million dollar settlement in the Sunflower Medical Group data breach case in the U.S. District Court for the District of Kansas.


Contact Our Data Privacy Team

If you are a patient, client, or employee of CHASI and suspect your data may be exposed, do not wait for the damage to spread.

Call Our Data Breach Lawyers 24/7 at (332) 378-0376 or email loganlowe@woodslaw.com for a free and confidential consultation. Woods Lonergan takes no fees unless we win.


About the Author
Logan Lowe joined Woods Lonergan PLLC in 2009. Since that time, Logan has worked diligently on the firm’s intellectual property and technology law matters, collaborating with the firm’s litigation group on nearly all intellectual property disputes. Logan’s area of concentration includes developing technology, cybersecurity, cryptocurrency, blockchain technology, and GDPR compliance.
Disclaimer: The information in this article and blog post (“post”) is provided for informational purposes only, and may not reflect the current law(s) in every jurisdiction. No information contained in this post should be construed as legal advice from Woods Lonergan PLLC or the individual author(s), nor is it intended to be a substitute for legal counsel on any subject matter. Nothing herein shall be construed to create an attorney-client relationship with Woods Lonergan PLLC. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this Post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from an attorney licensed in the recipient’s jurisdiction. This post is attorney advertising.