New York Blood Center Enterprises (NYBCe)

In January 2025, New York Blood Center Enterprises (NYBCe) suffered a data breach exposing the personal and sensitive information of **193,822 individuals**. The compromised data included **names, Social Security numbers, state-issued IDs (e.g., driver’s licenses), bank account details (for direct deposit participants), health information, and test results**. An unauthorized party accessed NYBCe’s network between **January 20–26, 2025**, acquiring copies of internal files. While no cybercriminal group has publicly claimed responsibility, the breach forced NYBCe to take immediate containment measures to mitigate disruption to critical blood and medical services. The organization is offering affected individuals **free credit and identity monitoring** via Experian. The incident ranks as the **fourth-largest healthcare breach of 2025** in the U.S. by records compromised. NYBCe, a nonprofit serving over **75 million patients** across 600+ hospitals, did not disclose whether ransomware was involved or if a ransom was paid.

Source: https://www.comparitech.com/news/new-york-blood-center-notifies-194000-people-of-data-breach/

TPRM report: https://www.rankiteo.com/company/new-york-blood-center

"id": "new3292232091725",
"linkid": "new-york-blood-center",
"type": "Breach",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': '193,822 individuals',
                        'industry': 'Healthcare (Blood/Stem Cell Services, '
                                    'Pharmaceuticals, Medical Testing)',
                        'location': 'New York, USA',
                        'name': 'New York Blood Center Enterprises (NYBCe)',
                        'size': '10 locations; collaborates with 600+ '
                                'hospitals; served 75M+ patients',
                        'type': 'Non-profit organization'}],
 'customer_advisories': 'Patients whose data was shared with NYBCe urged to '
                        'verify exposure status via phone',
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 193822,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (PII, financial, and health '
                                        'data)',
                 'type_of_data_compromised': ['Names',
                                              'Social Security numbers',
                                              'State-issued ID numbers (e.g., '
                                              'driver’s license)',
                                              'Bank account information '
                                              '(direct deposit participants)',
                                              'Health information',
                                              'Test results']},
 'date_detected': '2025-01-26',
 'description': 'New York Blood Center Enterprises (NYBCe) confirmed a data '
                'breach in January 2025 that exposed personal information of '
                '193,822 individuals, including names, Social Security '
                'numbers, state-issued ID numbers, bank account info (for '
                'direct deposit participants), health information, and test '
                'results. The breach occurred between January 20 and January '
                '26, 2025, when an unauthorized party accessed the network and '
                'acquired copies of files. No cybercriminal group has publicly '
                'claimed responsibility. NYBCe took immediate containment '
                'actions and offered free credit/identity monitoring to '
                'victims via Experian.',
 'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
                                       'exposure of sensitive health and '
                                       'financial data',
            'data_compromised': True,
            'identity_theft_risk': 'High (SSNs, bank account info, and health '
                                   'data exposed)',
            'operational_impact': 'Disruption to critical services (reduced '
                                  'via containment)',
            'payment_information_risk': 'Moderate (bank account info for '
                                        'direct deposit participants)',
            'systems_affected': ['Internal computer systems']},
 'investigation_status': 'Ongoing (as of publication)',
 'ransomware': {'data_exfiltration': True},
 'references': [{'source': 'Comparitech'},
                {'source': 'New York Blood Center Enterprises Public Notice'}],
 'regulatory_compliance': {'regulatory_notifications': ['Oregon Attorney '
                                                        'General (193,822 '
                                                        'victims reported)']},
 'response': {'communication_strategy': 'Public notice to victims; free '
                                        'credit/identity monitoring offered; '
                                        'call-in verification for affected '
                                        'patients',
              'containment_measures': 'Immediate actions to contain the threat '
                                      'and reduce disruption',
              'incident_response_plan_activated': True,
              'third_party_assistance': ['Experian (credit/identity '
                                         'monitoring)']},
 'stakeholder_advisories': 'Victims advised to call NYBCe to confirm data '
                           'compromise; free credit/identity monitoring '
                           'offered via Experian',
 'title': 'New York Blood Center Enterprises Data Breach (January 2025)',
 'type': ['Data Breach', 'Unauthorized Access']}