Clinical Registry Solutions Data Breach Lawsuit Investigation
Received a June 2026 breach notice from Clinical Registry Solutions?
Dapeer Law, P.A. is investigating a potential class action against Clinical Registry Solutions, a Brooklyn, New York healthcare registry and quality-improvement vendor, on behalf of Dignity Health St. Mary's Medical Center patients whose protected health information may have been exposed in the April 2026 network intrusion.
Who may qualify
You may be eligible to participate in a class action if any of the following applies:
- You received a data breach notification letter from Clinical Registry Solutions dated June 2026.
- You are a Dignity Health St. Mary's Medical Center patient whose records were maintained by Clinical Registry Solutions as its registry support vendor.
- Your notice indicates your first and last name, medical record number, and procedure date may have been involved.
- No proof of harm required to consult with counsel. You do not need to have already suffered identity theft to explore your legal options.
- Excluded: individuals who did not receive a breach notice and whose information was not involved in the incident.
Not sure if you qualify?
Send us your notice, we'll confirm your eligibility at no cost.
What happened
On April 9, 2026, Clinical Registry Solutions (CRS) discovered suspicious activity within its network. According to the notice filed with the California Attorney General, CRS determined that an unauthorized actor accessed its network on that same date and acquired certain files containing Dignity Health St. Mary's Medical Center patient information. CRS provides registry support services to St. Mary's and maintains certain patient records as part of that work.
CRS reviewed the affected data to identify the individuals involved and began notifying them. The notice states that the information involved included patients' first and last names, medical record numbers, and procedure dates. CRS states that Social Security numbers, diagnoses, and treatment plans were not involved, and that it has no evidence of misuse of the information as of the notice date. The company disclosed the incident publicly on June 11, 2026, roughly two months after discovery.
Because the records relate to medical care, the information may carry risks beyond ordinary identity theft, including medical identity theft and the potential misuse of medical record numbers. The notice does not mention any complimentary credit or identity monitoring service. Dapeer Law is reviewing whether affected patients may have claims under California and other state data breach and medical privacy laws.
What to do if you received a letter
Keep your notice letter
Do not discard it. Your letter confirms that you were among the patients identified in the CRS review and is important evidence if you decide to participate in a lawsuit.
Place a fraud alert and monitor your accounts
The CRS notice does not offer complimentary credit or identity monitoring. You can still request a free annual credit report from each of the three bureaus and place a no-cost fraud alert or credit freeze. Taking these protective steps does not waive your right to pursue legal action.
Place a fraud alert or credit freeze
Contact Equifax, Experian, and TransUnion to place a fraud alert or freeze on your file. Request a free weekly credit report from AnnualCreditReport.com, and use the FTC's IdentityTheft.gov recovery guide. For this healthcare incident, also review the Explanation of Benefits statements from your insurer for procedures, providers, or claims you do not recognize.
Speak with a data breach attorney
Consultations with Dapeer Law are free and confidential. We'll review your notice, explain your options under California and other state data breach and medical privacy laws, and advise whether you may be eligible to join a class action.
Submit your notice for a free review
Two minutes online. A licensed attorney reviews every submission.
Breach timeline
Compensation you may be entitled to
Out-of-pocket expenses
Credit freezes, identity restoration services, and other costs incurred responding to the breach.
Time spent monitoring
Hours spent reviewing accounts, disputing fraudulent charges, and dealing with identity theft issues.
Identity theft & fraud losses
Unreimbursed funds stolen from accounts, unauthorized credit lines, medical identity theft, or tax refund fraud tied to the breach.
Statutory damages
Certain state data breach and consumer protection statutes provide for fixed damages regardless of actual loss.
Injunctive relief
Court orders requiring Clinical Registry Solutions to implement stronger data security practices and safeguards for the patient information it maintains on behalf of its healthcare clients.
Compensation categories depend on applicable state law, the types of data exposed, and documented losses. No recovery is guaranteed.
Common questions
I received a data breach letter from Clinical Registry Solutions. What should I do? +
Keep your breach notice letter, since it confirms you were affected. Review your account statements, credit reports, and insurance Explanation of Benefits forms for unfamiliar activity. Consider placing a free fraud alert or credit freeze with the three credit bureaus, and contact a data breach attorney to understand your options. Because the exposed data includes medical record numbers, watch for signs of medical identity theft in particular.
Am I eligible to join a class action against Clinical Registry Solutions? +
If you received a notice from Clinical Registry Solutions, or you are a Dignity Health St. Mary's Medical Center patient whose information was held by CRS, you may qualify. Eligibility typically depends on your state of residence, the categories of your data that were involved, and whether you have experienced any documented harm. A free consultation can clarify where you stand.
How much money could I receive from a class action lawsuit? +
Data breach class action recoveries vary significantly. Settlements typically range from a few hundred dollars for basic out-of-pocket losses to several thousand dollars for documented identity theft, with class size, damages, and negotiation all affecting the final amount. No payout is guaranteed, and this investigation has not yet resulted in a settlement.
What personal information was exposed in the breach? +
According to the notice, the information involved included patients' first and last names, medical record numbers, and procedure dates. CRS states that Social Security numbers, diagnoses, and treatment plans were not involved. Check your individual letter, which may describe the specific information involved for you.
Did Clinical Registry Solutions offer free credit monitoring? +
No. The Clinical Registry Solutions notice does not offer complimentary credit or identity monitoring. It directs recipients to a Cyberscout (a TransUnion company) assistance line and to the general protective steps available to all consumers, including free annual credit reports and no-cost fraud alerts and credit freezes. Using these protections does not waive your right to pursue a claim.
How many people were affected by the Clinical Registry Solutions breach? +
The number of individuals affected was not stated in the publicly available notice filed with the California Attorney General. This page will be updated as more information becomes available.
Is there a deadline to take legal action? +
Yes. Statutes of limitations for data breach claims vary by state and legal theory, typically ranging from one to six years. Waiting can permanently bar your claim. Contact us as soon as possible for a free evaluation.
How do I get a copy of the official breach notice? +
Clinical Registry Solutions filed a sample notice with the California Attorney General, which publishes data breach notifications on its website. You can request a copy of the notice from CRS, or contact Dapeer Law and we can help you obtain a copy during a free consultation.
Sources & references
- Official breach notice filing · California Attorney General, Clinical Registry Solutions sample breach notice
- Company · Clinical Registry Solutions (clinicalregistrysolutions.com)
- Credit bureau freezes · Equifax · Experian · TransUnion
- Free weekly credit reports · AnnualCreditReport.com
- Identity theft recovery guide · FTC IdentityTheft.gov
Don't let the deadline decide for you. Submit your claim today.
You only have a limited window to act. Our team will review your notice, explain your options, and tell you whether you may be eligible to recover compensation, at no cost to you.
