New York City Health + Hospitals Data Breach Featured
Sensitive patient and employee information may have been exposed in a cyberattack affecting approximately 1.8 million individuals.
NYC Health + Hospitals has disclosed a data breach involving unauthorized access to portions of its network that may have exposed sensitive patient and employee information.
According to the organization’s public notice and reports filed with the U.S. Department of Health and Human Services, unauthorized actors reportedly had access to parts of NYC Health + Hospitals’ systems between approximately November 25, 2025 and February 11, 2026. The organization stated that it detected suspicious activity on February 2, 2026 and later secured its systems.
NYC Health + Hospitals reported that approximately 1.8 million individuals may have been affected by the incident, making it one of the largest healthcare-related data breaches reported in 2026.
The organization stated that the incident was associated with a compromise involving an unnamed third-party vendor with access to its systems.
What Information May Have Been Exposed?
According to the breach notice and related reports, the information involved may vary by individual but could include:
- Names and contact information
- Medical records and healthcare information
- Health insurance information
- Billing and payment information
- Social Security numbers
- Driver’s license and passport information
- Government-issued identification numbers
- Taxpayer identification information
- Biometric information, including fingerprints and palm prints
- Precise geolocation information
Reportedly exposed medical information may include diagnoses, medications, tests, and medical imagery.
Why This Breach Matters
Healthcare data breaches can create risks of identity theft, financial fraud, medical fraud, and phishing attacks. Incidents involving biometric information may present additional concerns because biometric identifiers generally cannot be changed once compromised.
NYC Health + Hospitals serves more than one million New Yorkers annually, including many individuals who are uninsured or receive government healthcare benefits such as Medicaid.
What Affected Individuals Can Do
Individuals who may have been affected by the breach may wish to consider:
- Monitoring financial and healthcare account statements
- Reviewing credit reports for suspicious activity
- Remaining cautious of unsolicited emails, text messages, or phone calls
- Changing passwords associated with healthcare accounts
- Enabling multi-factor authentication where available
According to reports, NYC Health + Hospitals is offering identity theft protection and credit monitoring services through Kroll Information Assurance for eligible individuals.
Attorneys Investigating the NYC Health + Hospitals Data Breach
Attorneys are investigating whether reasonable safeguards were in place to protect sensitive patient and employee information and whether affected individuals may have legal rights related to the incident.
If you received care, treatment, or services through NYC Health + Hospitals and believe your information may have been affected, you may contact a data breach attorney to learn more about your legal options.
Contact us: If you believe your information may have been exposed in the NYC Health + Hospitals data breach, complete the form on this page to request a free case evaluation.