# Yale New Haven Health Data Breach Impacts 5.5 Million Patients
A devastating cyberattack on Yale New Haven Health (YNHHS) has exposed the personal data of over 5.5 million patients. The breach, which occurred earlier this month, has sent shockwaves through the healthcare community and raises concerns about the security of sensitive patient information.
About Yale New Haven Health
YNHHS is a nonprofit healthcare network headquartered in New Haven, Connecticut. As one of the largest healthcare systems in the state, it operates over 360 locations across Connecticut, southeastern New York, and Rhode Island, providing comprehensive medical services and facilities to its patients. With more than 2,400 beds and a vast network of healthcare professionals, YNHHS employs approximately 30,000 health professionals and generates an annual revenue of over $5.6 billion.
The Cybersecurity Incident
On March 11, 2025, YNHHS faced a cybersecurity incident affecting its IT services. The issue was quickly contained with the help of cybersecurity firm Mandiant. Although patient care and medical records were unaffected, some internet and app access issues persist as part of recovery efforts.
The Data Breach Revealed
YNHHS disclosed the data breach on April 11, 2025, stating that threat actors stole sensitive patient information. However, it's essential to note that financial information, medical records, and treatment details were not exposed in this incident.
The stolen data varies by patient and includes:
- Sensitive personal identifying information
- Insurance-related information

“On March 8, 2025, we identified unusual activity affecting our Information Technology (IT) systems. We immediately took steps to contain the incident and began an investigation, which included assistance from external cybersecurity experts. We also reported the incident to law enforcement. The investigation determined that an unauthorized third-party gained access to our network and, on March 8, 2025, obtained copies of certain data,” reads the Notice of Data Security Incident published by YNHHS.
No Impact on Patient Care
At no point did this incident impact YNHHS's ability to provide patient care. The organization prioritized patient care throughout the investigation and has since taken steps to improve its cybersecurity measures.
Notification and Support
Starting April 14, YNHHS will be mailing letters to patients affected by the data breach. While no misuse of data has been reported, free credit monitoring is offered to those whose Social Security numbers were involved. The organization set up a dedicated call center at 1-855-549-2678 for questions and concerns.
U.S. Department of Health and Human Services Breach Portal
The incident impacted 5,556,702 individuals, as reported by the U.S. Department of Health and Human Services breach portal. At this time, no ransomware group has taken responsibility for the attack.
As cybersecurity threats continue to evolve, it's essential for healthcare organizations like YNHHS to prioritize patient data protection. Patients can take steps to protect their sensitive information by:
- Monitoring their credit reports and accounts
- Using strong, unique passwords
- Enabling two-factor authentication

Stay informed about the latest cybersecurity news and updates on our Twitter account (@securityaffairs) and Facebook page (SecurityAffairs - hacking, Yale New Haven Health).