(malwarebytes.com) Massive Healthcare Data Breach at NYC Health + Hospitals Exposes Sensitive Patient and Employee Data via Third-Party Vendor

orlysec@swecyb.com

(malwarebytes.com) Massive Healthcare Data Breach at NYC Health + Hospitals Exposes Sensitive Patient and Employee Data via Third-Party Vendor

NYC Health + Hospitals breach exposes 1.8M records, including biometric data, via third-party vendor compromise (Nov 2025–Feb 2026).

In brief - A supply-chain attack on NYC H+H via an unnamed vendor led to the exposure of PII, medical records, and biometric data for 1.8M individuals. The incident underscores third-party risks in healthcare and the long-term impact of biometric data theft.

Technically - Attackers exploited a vendor vulnerability to gain persistence in NYC H+H’s network, exfiltrating PII, medical/insurance records, and biometric data (fingerprints/palm prints). The breach aligns with FBI-reported ransomware trends targeting healthcare. Mitigation requires vendor risk management, MFA, encryption, and continuous monitoring of sensitive data.

Source: https://www.malwarebytes.com/blog/news/2026/05/biometrics-diagnoses-and-bank-details-exposed-in-major-healthcare-breach

#Cybersecurity #ThreatIntel