New York Blood Center Data Breach Affects Patients and Donors In All Operating Divisions Featured
Failure to adequately protect patient information as required by federal law and industry guidelines cited as cause of data breach.
A class action lawsuit is being filed against blood collection and laboratory services giant, New York Blood Center Enterprises (“NYBCE”), after it was learned that the it failed to protect sensitive personal and protected health data of 193,306 patients and individuals as required under federal law and industry guidelines.
About New York Blood Center Enterprises
NYBCE operates blood centers, laboratory testing services and provides transfusion-related medical services in New York, New Jersey, Rhode Island, Connecticut, Nebraska, Pennsylvania, Delaware, Maryland, Virginia, Missouri, Kansas, Minnesota, and Southern New England. NYBCE makes of $500,000,000 per year selling blood and blood products to local hospitals and patients.
The following NYBCE operating divisions may have been affected by the data breach.
- Blood Bank of Delmarva,
- Community Blood Center,
- Innovative Blood Resources,
- Memorial Blood Centers,
- Nebraska Community Blood Bank,
- Rhode Island Blood Center,
- Connecticut Blood Center,
- Comprehensive Cell Solutions,
- Lindsley F. Kimball Research Institute, and
- National Center for Blood Group Genomics.
What Happened?
On Sunday, January 26, NYBCE and its operating divisions identified suspicious activity on its IT network. It immediately engaged third-party cybersecurity experts to investigate and confirmed that the suspicious activity is a result of a ransomware attack.
What Information was Stolen During the Breach
Upon information and belief, the following types of sensitive personal and protected health information may have been compromised as a result of the data breach –
- names
- dates of birth
- addresses
- Social Security number
- phone numbers
- email addresses
- health information
NYBCE made a public disclosure but has not sent out data breach notification letters as they are still investigating the extent of data compromised.
What is NYBCE Doing to Protect My Identity?
NYBCE has yet to announce what it intends to do to protect the identities of patients and individuals affected by breach. When NYBCE learns the extent of the confidential information involved in the breach, it will begin the process of notifying those affected and if identity protection services will be offered.
What Can Hackers Do With My Information?
Stolen PII and PHI can be used to commit identity theft, open new credit accounts, make unauthorized purchases or obtain loans. Cybercriminals have recently targeted America’s essential industries and in so doing have forced millions of Americans to face the fallout from these attacks.
Leaked or stolen data can be sold on the dark web forums and may be used for fraud and medical identity theft, a type of fraud, where threat actors use stolen information to submit forged claims to insurers.
Clients affected by the breach are exposed to a heightened and imminent risk of fraud and identity theft. They must now and in the future closely monitor their financial accounts to guard against identity theft and fraud.
If you receive a notification letter from New York Blood Center Enterprises , it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options at no cost to you. For more information, please review these recommendations.
Protect Your Identity. Join the New York Blood Center Enterprises Data Breach Class Action.
The lawsuit alleges that NYBCE breached its duties under common law and the Federal Trade Commission Act to implement reasonable security measures, comply with industry standards and federal data-security regulations, encrypt sensitive data, and provide adequate and timely notice of the breach.
If you receive a notification letter from NYBCE, you are at permanent risk of identity theft and the devastating financial and legal consequences that go along with it.
You may be eligible to participate in a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more.
The lawsuit looks to cover anyone in the USA whose private information was compromised by the breach announced by New York Blood Center Enterprises on February 3, 2025.
Please complete the form shown on this page and a data breach attorney will contact you. There is no cost to you.