Betrayal of Trust: Northwell's Hidden Camera & Privacy Crisis

NEW YORK, NY – February 04, 2026 – A massive civil lawsuit is escalating against Northwell Health, one of New York's largest healthcare providers, over a shocking hidden camera surveillance scheme that secretly recorded thousands of patients, staff, and visitors—including minors—in bathroom facilities. The lawsuit, filed by the firm Greenstein & Pittari, LLP, not only seeks accountability for the profound privacy breach but also shines a harsh spotlight on the institution's year-long delay in notifying potential victims, a decision that has sparked outrage and raised critical questions about patient safety and corporate responsibility.

A Profound Breach of Privacy

The complaint alleges a two-year period of clandestine surveillance, running from 2022 until April 2024. During this time, hidden cameras, cleverly disguised as smoke detectors, were allegedly installed and operated in bathrooms at two of Northwell Health's Great Neck locations: the Northwell Health Sleep Disorders Center at 155 Community Drive and the STARS Rehabilitation center at 145 Community Drive.

The devices were reportedly placed to capture individuals in their most vulnerable moments. Investigators recovered hundreds of video clips, with authorities estimating that over 13,000 people could have been impacted. The alleged perpetrator, former Northwell employee Sanjai Syamaprasad, was arrested after being discovered watching the illicit recordings at work. According to court records, he pleaded guilty in July 2025 to multiple counts of unlawful surveillance and tampering with evidence, admitting he attempted to destroy the memory cards and cameras after being caught.

A Year of Silence and Eroding Trust

A central and explosive claim in the litigation is the timeline of disclosure. Northwell Health reportedly discovered the surveillance in April 2024 and immediately terminated Syamaprasad, notifying the Nassau County District Attorney's Office the same day. However, it wasn't until May 2025—more than a year later—that the healthcare giant began sending notification letters to the thousands of individuals who may have been recorded.

This delay has become a focal point of the legal battle. The lawsuit filed by Greenstein & Pittari, LLP alleges that Northwell Health failed in its duty to supervise employees, did not take reasonable steps to secure private patient areas, and deliberately withheld information about the breach from the public. Plaintiffs argue this silence left them unaware of the violation of their privacy, preventing them from seeking timely support or legal counsel.

Legal experts note that this delay appears to conflict with data breach notification standards. The federal HIPAA Breach Notification Rule requires healthcare providers to notify affected individuals without unreasonable delay and no later than 60 days following the discovery of a breach. New York State's own laws are even stricter, often requiring notification within 30 days. The lawsuit contends that by withholding the information, the institution compounded the initial harm and violated the trust placed in it by patients.

The Human Toll and a Fight for Justice

For the victims, the discovery has been a source of profound emotional and psychological trauma. Legal filings and public statements describe feelings of violation, anxiety, and a shattered sense of security. "It's really destroyed my faith in humanity," one victim stated anonymously. "You don't trust people." The fact that the surveillance occurred in a healthcare setting—a place associated with care and safety—has made the betrayal feel even more acute.

The criminal proceedings against Syamaprasad have offered little solace to many. An initial plea deal that offered only probation was met with fierce opposition from victims and the Nassau County District Attorney, who had pushed for a prison sentence. While a judge ultimately revised the sentence in November 2025 to include six months in jail, five years of probation, and registration as a sex offender, many feel it falls short of true justice. "I'm glad that the judge reconsidered to give prison time," another victim commented, "but it's not enough... for everything that he's done to all of us."

With the criminal case concluded, victims are now turning to the civil courts in overwhelming numbers. By mid-2025, hundreds of individual and class-action lawsuits had been filed against both Syamaprasad and Northwell Health, seeking compensation for negligence, invasion of privacy, and the severe emotional distress caused by the ordeal.

A System Under Scrutiny

The Northwell incident serves as a stark wake-up call for the entire healthcare industry, highlighting a critical vulnerability: the insider threat. While external cyberattacks often dominate headlines, security experts warn that malicious or negligent employees pose a significant and growing risk within healthcare. The highly sensitive nature of patient information and the inherent trust required in care settings create a high-stakes environment.

Experts recommend a multi-layered approach to security that goes beyond just digital firewalls. This includes rigorous employee screening and monitoring, continuous cybersecurity awareness training, and implementing physical security checks in sensitive areas. Furthermore, clear and rapid response protocols for breaches are essential not only for legal compliance but also for maintaining patient trust. The interconnected healthcare ecosystem means a failure at one facility can have ripple effects, eroding public confidence across the board.

The ongoing litigation against Northwell Health will be closely watched. Its outcome could set a significant precedent for institutional liability in cases of employee misconduct and define the expectations for transparency and timely communication when a patient's most fundamental right to privacy is violated. For the thousands affected, the legal battle is not just about compensation; it is a fight for accountability and a demand that healthcare providers uphold their most basic promise: to first, do no harm.