YNHHS Notifies Nearly 5.6 Million Individuals of Largest Healthcare Data Breach Reported to HHS in 2025
Yale New Haven Health System (YNHHS), the largest healthcare system in Connecticut, has reported a significant data breach to federal regulators, impacting nearly 5.6 million individuals. This makes it the largest healthcare data breach reported to the US Department of Health and Human Services (HHS) in 2025 so far.
According to YNHHS, the breach was discovered on March 8, 2025, when the health system identified unusual activity within its network. An immediate investigation was launched, and external cybersecurity experts were engaged to determine the cause of the breach and mitigate any further damage.
The Nature of the Breach
The investigation revealed that an unauthorized third party had gained access to YNHHS's network and obtained copies of certain sensitive data. The information involved in the breach included names, birthdates, phone numbers, race or ethnicity, addresses, email addresses, patient type, medical record numbers, and Social Security numbers.
It is worth noting that the health system's electronic medical records were not affected by the breach. YNHHS has assured patients that the incident did not impact its ability to provide patient care across its care sites.
Patient Notification and Response
The health system began mailing notification letters to impacted individuals in April 2025, as required by federal regulations. The notifications included information about the breach, what data was involved, and steps that patients could take to protect themselves.
"YNHHS considers the health, safety, and privacy of our patients our top priority," stated a notice on YNHHS's website. "We are continuously updating and enhancing our systems to protect the data we maintain and to help prevent events such as this from occurring in the future."
Context: A Second Breach in April
The YNHHS breach is not an isolated incident, but rather one of two significant breaches reported in April 2025. Blue Shield of California recently notified 4.7 million people of a breach that stemmed from a Google Analytics configuration that allowed member data to be shared with Google Ads.
A Growing Concern for Healthcare Data Breaches
Data breaches in the healthcare sector have become increasingly common, highlighting the need for robust cybersecurity measures and transparency in reporting incidents. As the healthcare industry continues to evolve, patients and organizations must remain vigilant in protecting sensitive information.