Yale New Haven Health System (YNHHS), which operates several hospitals in Connecticut, recently disclosed a data breach impacting the personal information of millions of patients:
On March 8, 2025, YNHHS identified unusual activity affecting our IT systems. We immediately took steps to contain the incident and began an investigation with support from external cybersecurity experts, and we also reported the incident to law enforcement. At no point did the incident impact our ability to provide patient care.
Our investigation has now determined that an unauthorized third-party gained access to our network and, on March 8, 2025, obtained copies of certain data. The information involved varies by patient, but may include demographic information (such as name, date of birth, address, telephone number, email address, race or ethnicity), Social Security number, patient type, and/or medical record number. YNHHS’ electronic medical record system was not involved nor accessed in this incident, and no financial accounts, payment information or employee HR information was included.
We have begun the process of mailing letters to patients whose information was involved in this incident and providing appropriate resources, including offering complimentary credit monitoring and identity protection services to individuals whose Social Security number was involved. Patients are also encouraged to review statements they receive from their healthcare providers and immediately report any inaccuracies to the provider.
Commenting on this news is James McQuiggan, Security Awareness Advocate at KnowBe4:
“With this attack, not having any group come forward is unusual, as these groups thrive on recognition. They post leaks, demand ransoms, or even taunt organizations publicly. So, when silence follows a breach, it could be for a longer-term operation.”
“Data being exfiltrated could be used for a long-term scenario of identity theft, medical fraud, or perhaps resale on private dark markets. The attackers may also want to stay under the radar.”
“If a person’s sensitive data becomes exposed, they should quickly protect their identity and credit. Consider freezing credit to block identity fraud and monitor medical records for suspicious activity.”
“Change passwords for healthcare portals and stay alert for phishing attempts using their details. Don’t wait for official alerts. Just assume their data is exposed and protect their data and accounts adequately.”
“Like so many others, this breach isn’t just about stolen data. It’s about the lost trust between people, and the systems meant to protect their most personal information. Until security is treated as a shared responsibility by leadership, vendors, and every employee in the chain, these incidents and conversations will continue, and victims will keep paying the price.”
It’s only Thursday, but it truly feels like this week is full of ransomware attacks. That’s incredibly bad. And it illustrates that we all need to do better to stop the madness.
Like this:
Like Loading...
Related
This entry was posted on April 24, 2025 at 2:06 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Millions Of Patients Affected by Data Breach at Yale New Haven Health
Yale New Haven Health System (YNHHS), which operates several hospitals in Connecticut, recently disclosed a data breach impacting the personal information of millions of patients:
On March 8, 2025, YNHHS identified unusual activity affecting our IT systems. We immediately took steps to contain the incident and began an investigation with support from external cybersecurity experts, and we also reported the incident to law enforcement. At no point did the incident impact our ability to provide patient care.
Our investigation has now determined that an unauthorized third-party gained access to our network and, on March 8, 2025, obtained copies of certain data. The information involved varies by patient, but may include demographic information (such as name, date of birth, address, telephone number, email address, race or ethnicity), Social Security number, patient type, and/or medical record number. YNHHS’ electronic medical record system was not involved nor accessed in this incident, and no financial accounts, payment information or employee HR information was included.
We have begun the process of mailing letters to patients whose information was involved in this incident and providing appropriate resources, including offering complimentary credit monitoring and identity protection services to individuals whose Social Security number was involved. Patients are also encouraged to review statements they receive from their healthcare providers and immediately report any inaccuracies to the provider.
Commenting on this news is James McQuiggan, Security Awareness Advocate at KnowBe4:
“With this attack, not having any group come forward is unusual, as these groups thrive on recognition. They post leaks, demand ransoms, or even taunt organizations publicly. So, when silence follows a breach, it could be for a longer-term operation.”
“Data being exfiltrated could be used for a long-term scenario of identity theft, medical fraud, or perhaps resale on private dark markets. The attackers may also want to stay under the radar.”
“If a person’s sensitive data becomes exposed, they should quickly protect their identity and credit. Consider freezing credit to block identity fraud and monitor medical records for suspicious activity.”
“Change passwords for healthcare portals and stay alert for phishing attempts using their details. Don’t wait for official alerts. Just assume their data is exposed and protect their data and accounts adequately.”
“Like so many others, this breach isn’t just about stolen data. It’s about the lost trust between people, and the systems meant to protect their most personal information. Until security is treated as a shared responsibility by leadership, vendors, and every employee in the chain, these incidents and conversations will continue, and victims will keep paying the price.”
It’s only Thursday, but it truly feels like this week is full of ransomware attacks. That’s incredibly bad. And it illustrates that we all need to do better to stop the madness.
Share this:
Like this:
Related
This entry was posted on April 24, 2025 at 2:06 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.