NYC system sues over massive data breach

The New York City Health and Hospitals Corp. filed a lawsuit against a data storage and transport vendor after the December theft of electronic files that contained personal or health information for about 1.7 million patients and hospital or contract employees.

The 14-hospital system said the breach involved patients, staff and vendors at Jacobi Medical Center and North Central Bronx Hospital and two health centers during a 20-year period. In letters last week, the city-owned system began to alert patients to the theft and offered free credit monitoring and fraud resolution for one year. The system notified three nationwide consumer reporting agencies of the theft.

In a news release, the system said the files were stolen after a driver for GRM Management Information Services left the company's van unlocked. A spokeswoman for GRM did not respond to a request for comment at deadline.

The data storage company dismissed the driver and notified police. The system has notified New York's attorney general, the state Office of Cyber Security and the Consumer Protection Board. The system also alerted HHS.

The New York system said it has sued the vendor to recover the costs of notification and other related damages. The system also canceled the vendor's contract.