NYC Health and Hospitals breached, 1.8M affected with medical data stolen
Original: NYC Health and Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people
Why This Matters
Largest healthcare breach of 2026 highlights vulnerability of biometric data in medical systems
NYC Health and Hospitals, the largest US public health system, reported hackers accessed its network from November 2025 to February 2026, stealing medical records, fingerprints, and personal data of at least 1.8 million people through a third-party vendor breach.
New York's public health provider NYC Health and Hospitals disclosed a major cyberattack affecting at least 1.8 million people, making it one of the largest healthcare breaches of 2026. The healthcare system, which serves over a million New Yorkers including many uninsured patients, detected the breach on February 2 after hackers had accessed its network since November 2025. The attack originated from a breach at an unnamed third-party vendor. Stolen data includes medical information such as diagnoses, medications, and test results, health insurance details, billing information, Social Security numbers, passports, driver's licenses, and precise geolocation data. Particularly concerning is the theft of biometric data including fingerprints and palm prints, which cannot be replaced. The organization has not explained why biometric data was stored or responded to questions about detection delays.