finsmart-news_admin 
A medical practice has filed suit against Citibank, N.A. after hackers allegedly accessed a client’s sensitive login information and drained approximately $550,000 from the account.
The plaintiff, Vitality Psychiatric Group Practice, P.C., filed the complaint in the U.S. District Court for the Southern District of New York.
The lawsuit alleges that on March 28, 2025, an account was compromised following a call to the practice’s operator that appeared to be from Citibank’s fraud department. The caller asked personal questions and then used the client’s password to access the checking account.
The complaint alleges that Citibank delayed in reversing the transfers, froze both the old and newly opened accounts, and told the practice the investigation could last up to 90 days, during which the business was unable to access funds needed for payroll and other obligations.
The practice is seeking claims of negligence and breach of contract, demanding over $1 million in damages, including the $550,000 loss.
The incident is part of a growing trend of hackers targeting financial institutions’ clients by exploiting authentication and internal controls.
In a similar case, the City of Hope National Medical Center has agreed to pay $8.5 million to settle a class action lawsuit that was filed after a “data security incident” that happened in late 2023.
The California-based healthcare firm says the impacted information varies by person but may have included their name, email address, phone number, date of birth, social security number, driver’s license or other government identification, bank account numbers, credit card details, health insurance information, medical records, information about medical history and unique patient record numbers.
