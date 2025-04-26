Connecticut-based healthcare provider Yale New Haven Health System reported a data breach that affected more than 5.5 million patients.

The data breach involved a “hacking/IT incident” affecting its network server, according to breach report posted by the U.S. Department of Health and Human Services Office for Civil Rights.

In a notice posted on its website, Yale New Haven Health System said that it identified unusual activity affecting its IT systems on March 8.

“We immediately took steps to contain the incident and began an investigation, which included assistance from external cybersecurity experts,” the company said in the notice. “We also reported the incident to law enforcement. The investigation determined that an unauthorized third-party gained access to our network and, on March 8, 2025, obtained copies of certain data.”

The data varies by patient, but could include name, data of birth, address, telephone number, email address, race or ethnicity, Social Security number, patient type and/or medical record number, according to the notice.

The notice added that the unauthorized third-party did not gain access to electronic medical record and treatment information, financial account information or payment information.

“While, to date, YNHHS is not aware of any patient information being used for identity theft or fraud, as a precaution, we are offering complimentary credit monitoring and identity protection services to individuals whose Social Security number was involved,” the notice said.

The FBI’s Internet Crime Complaint Center (IC3) reported Wednesday (April 23) that the number of ransomware complaints rose 9% year over year in 2024 and that nearly half of these complaints involved critical infrastructure organizations like hospitals.

In one recent cybersecurity incident, the Office of the Comptroller of the Currency (OCC) said April 8 that it notified Congress of a “major security incident” in which there was unauthorized access to OCC emails and email attachments.

In February, online food delivery marketplace Grubhub said it identified an incident involving a third-party contractor in which there was unauthorized access to certain user contact information.

In January, it was reported that the biggest medical-related data breach in U.S. history — the ransomware attack on UnitedHealth’s Change Healthcare business in 2024 — impacted around 190 million people.



