Is your medical data safe? Millions may be at risk after major hospital cyberattack
- Replies 0
In today’s digital world, even a routine hospital visit can put your most sensitive information at risk.
One of the country’s largest healthcare systems is now at the center of a growing cybersecurity crisis—one that may affect millions.
If you've ever been a patient at one of its locations, you might be among those impacted by what’s now the largest reported healthcare data breach of 2025.
The breach was first discovered on March 8, when Yale New Haven Health detected “unusual activity” within its IT systems.
At the time, the nonprofit system said there was no disruption to patient care, but an internal investigation was immediately launched.
It wasn’t until April 11 that YNHHS confirmed the worst: an unauthorized party had accessed and downloaded data from its network.
In a statement, YNHHS revealed, “An unauthorized third-party gained access to our network and, on March 8, 2025, obtained copies of certain data.”
According to the healthcare provider, the stolen information varied by patient, but could include:
YNHHS emphasized that no financial information, electronic medical records, or treatment data were affected.
However, the scale of the breach—and the type of information accessed—has triggered serious concerns.
Yale New Haven Health isn’t just any hospital system. Formed in 1913 from a partnership between Yale School of Medicine and New Haven Hospital, YNHHS is Connecticut’s largest healthcare network, with over 360 locations across Connecticut, Rhode Island, and parts of New York.
Its facilities handle millions of patients annually, which is why the breach—confirmed to impact 5,556,702 individuals—is especially significant.
According to the US Department of Health and Human Services breach portal, this is the largest healthcare breach reported in 2025 so far.
On April 14, YNHHS began sending letters to affected patients, informing them of what happened and offering complimentary credit monitoring and identity protection services, particularly for those whose Social Security numbers were involved.
They noted that they have not found evidence of “any patient information being used for identity theft or fraud.”
The health system also encouraged patients to “review statements they receive from their healthcare providers and immediately report any inaccuracies to the provider.”
While this is the biggest breach of the year, it’s part of a growing trend. Last year, Change Healthcare, owned by UnitedHealth Group, fell victim to a cyberattack that ultimately affected 100 million people—the largest healthcare data breach in US history.
That attack even surpassed the 2015 breach of Anthem Inc., which exposed the records of 78.8 million individuals.
And earlier this year, another breach hit Community Health Center (CHC) in Connecticut, exposing the data of more than one million patients—including patient's name, date of birth, address, phone number, email, diagnoses, treatment details, test results, Social Security number, and health insurance information.
CHC later confirmed that they “found that a skilled criminal hacker got into our system and took some data, which might include your personal information.”
The breach, which occurred on October 14, 2024, impacted current and former patients, as well as all individuals who received a COVID test or vaccine at a CHC clinic.
CHC determined the hacker infiltrated what it described as "its inadequately secured computer environment," gaining access to its data files.
The company said it has since "added special software to watch for suspicious activity."
A law firm investigating the CHC breach warned, “These individuals’ personal and highly sensitive information may be in the hands of cybercriminals who can place the information for sale on the dark web or use the information to perpetrate identity theft.”
Murphy Law Firm is currently investigating the breach to determine whether a class action lawsuit can be filed against CHC.
Other recent cyberattacks:
Did you receive a letter from Yale New Haven Health? Are you concerned about the future of your personal medical data? How confident are you in healthcare providers’ ability to protect sensitive information in today’s digital world? Join the conversation in the comments and let us know how this cyberattack has affected your trust in the healthcare system.
One of the country’s largest healthcare systems is now at the center of a growing cybersecurity crisis—one that may affect millions.
If you've ever been a patient at one of its locations, you might be among those impacted by what’s now the largest reported healthcare data breach of 2025.
The breach was first discovered on March 8, when Yale New Haven Health detected “unusual activity” within its IT systems.
At the time, the nonprofit system said there was no disruption to patient care, but an internal investigation was immediately launched.
It wasn’t until April 11 that YNHHS confirmed the worst: an unauthorized party had accessed and downloaded data from its network.
In a statement, YNHHS revealed, “An unauthorized third-party gained access to our network and, on March 8, 2025, obtained copies of certain data.”
Yale New Haven Health detected “unusual activity” within its IT systems. Image source: WTNH News8 / YouTube
According to the healthcare provider, the stolen information varied by patient, but could include:
- Name
- Date of birth
- Address
- Phone number
- Email address
- Race or ethnicity
- Social Security number
- Patient type
- Medical record number
YNHHS emphasized that no financial information, electronic medical records, or treatment data were affected.
However, the scale of the breach—and the type of information accessed—has triggered serious concerns.
Yale New Haven Health isn’t just any hospital system. Formed in 1913 from a partnership between Yale School of Medicine and New Haven Hospital, YNHHS is Connecticut’s largest healthcare network, with over 360 locations across Connecticut, Rhode Island, and parts of New York.
Its facilities handle millions of patients annually, which is why the breach—confirmed to impact 5,556,702 individuals—is especially significant.
According to the US Department of Health and Human Services breach portal, this is the largest healthcare breach reported in 2025 so far.
On April 14, YNHHS began sending letters to affected patients, informing them of what happened and offering complimentary credit monitoring and identity protection services, particularly for those whose Social Security numbers were involved.
They noted that they have not found evidence of “any patient information being used for identity theft or fraud.”
The health system also encouraged patients to “review statements they receive from their healthcare providers and immediately report any inaccuracies to the provider.”
While this is the biggest breach of the year, it’s part of a growing trend. Last year, Change Healthcare, owned by UnitedHealth Group, fell victim to a cyberattack that ultimately affected 100 million people—the largest healthcare data breach in US history.
That attack even surpassed the 2015 breach of Anthem Inc., which exposed the records of 78.8 million individuals.
And earlier this year, another breach hit Community Health Center (CHC) in Connecticut, exposing the data of more than one million patients—including patient's name, date of birth, address, phone number, email, diagnoses, treatment details, test results, Social Security number, and health insurance information.
Change Healthcare, owned by UnitedHealth Group, fell victim to a cyberattack. Image source: Azamat E / Unsplash
CHC later confirmed that they “found that a skilled criminal hacker got into our system and took some data, which might include your personal information.”
The breach, which occurred on October 14, 2024, impacted current and former patients, as well as all individuals who received a COVID test or vaccine at a CHC clinic.
CHC determined the hacker infiltrated what it described as "its inadequately secured computer environment," gaining access to its data files.
The company said it has since "added special software to watch for suspicious activity."
A law firm investigating the CHC breach warned, “These individuals’ personal and highly sensitive information may be in the hands of cybercriminals who can place the information for sale on the dark web or use the information to perpetrate identity theft.”
Murphy Law Firm is currently investigating the breach to determine whether a class action lawsuit can be filed against CHC.
Other recent cyberattacks:
- Health insurance data hack hits millions—here’s how to protect yourself
- Is your health harmed? Find out if you’re one of the million affected by the latest massive data breach!
