"NYC Health and Hospitals (NYCHHC), the largest public health system in the US, said it detected a cyberattack on February 2. An investigation found that an unauthorized individual gained access to NYCHHC systems between November 25, 2025 and February 11, 2026, during which time files were copied from the network. Cybercriminals copied files from the system, including personal data, medical records, payment information and fingerprint scans."
"“Although the investigation is ongoing, it appears that the unauthorized actor may have gained access to NYC Health + Hospitals systems due to a security breach at a third-party vendor,” NYCHHC shared in a statement. The healthcare network serves more than one million residents across New York City, many of whom rely on Medicaid or lack health insurance altogether. NYCHHC said it has since strengthened security across its network in an effort to prevent another cyberattack."
"It also reset compromised account credentials, added new detection and protection tools, tightened remote access policies and introduced enhanced monitoring designed to identify the tactics allegedly used by the hackers. According to the announcement, the stolen information varies by person, but may include health insurance details, medical records, diagnoses, medications, test results and treatment plans. Hackers may also have accessed highly sensitive biometric data such as fingerprints and palm prints, along with billing and payment information."
"Other compromised information may include Social Security numbers, driver's license numbers, taxpayer identification numbers, IRS-issued identity protection numbers, precise geolocation data, credit and debit card numbers, financial account details and online account credentials. The breach also exposed biometric data, including fingerprints and palm prints."
NYC Health and Hospitals detected a cyberattack on February 2. An investigation found unauthorized access to its systems between November 25, 2025 and February 11, 2026, during which files were copied from the network. The copied files included personal information, medical records, payment information, and fingerprint scans. The healthcare system said access may have occurred through a security breach at a third-party vendor. The stolen information varies by person and may include health insurance details, diagnoses, medications, test results, and treatment plans. Highly sensitive biometric data such as fingerprints and palm prints were also potentially accessed. Other exposed data may include Social Security numbers, driver’s license numbers, taxpayer identification numbers, IRS-issued identity protection numbers, precise geolocation data, credit and debit card numbers, financial account details, and online account credentials. The organization strengthened security by resetting credentials, adding detection and protection tools, tightening remote access policies, and enhancing monitoring.
Read at Mail Online
Unable to calculate read time
Collection
[
|
...
]