NYC Health + Hospitals Suffers Major Data Breach Affecting Over a Million Patients
On February 2, 2026, New York City Health + Hospitals (NYC Health + Hospitals), the largest public healthcare system in the U.S., detected unauthorized access to its computer network. An investigation revealed that sensitive data was accessed and exfiltrated between November 25, 2025, and February 11, 2026.
The compromised files contained a wide range of personal and medical information, including names, Social Security numbers, driver’s license numbers, health insurance details, medical records (diagnoses, medications, test results, and treatment plans), biometric data, payment information, and online account credentials. The breach impacts individuals who received care through NYC Health + Hospitals’ network of hospitals, clinics, and long-term care facilities, which serves over a million patients annually.
Edelson Lechtzin LLP, a national class action law firm, has launched an investigation into potential legal claims on behalf of affected individuals. The firm is evaluating remedies for those whose data may have been exposed. No further details on the breach’s origin or the number of impacted individuals have been disclosed at this time.
NYC Health + Hospitals cybersecurity rating report: https://www.rankiteo.com/company/nyc-health-and-hospitals-corporation
"id": "NYC1774664917",
"linkid": "nyc-health-and-hospitals-corporation",
"type": "Breach",
"date": "3/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Over a million patients',
'industry': 'Healthcare',
'location': 'New York City, USA',
'name': 'NYC Health + Hospitals',
'size': 'Largest public healthcare system in the U.S.',
'type': 'Public Healthcare System'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 'Over a million',
'personally_identifiable_information': 'Names, Social '
'Security numbers, '
'driver’s license '
'numbers, health '
'insurance details',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Medical Records',
'Payment Information',
'Biometric Data',
'Online Account Credentials']},
'date_detected': '2026-02-02',
'description': 'NYC Health + Hospitals, the largest public healthcare system '
'in the U.S., suffered a major data breach involving '
'unauthorized access to its computer network and exfiltration '
'of sensitive patient data. The breach impacts over a million '
'patients, exposing personal and medical information.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'large-scale data exposure',
'data_compromised': 'Sensitive personal and medical information, '
'including names, Social Security numbers, '
'driver’s license numbers, health insurance '
'details, medical records, biometric data, '
'payment information, and online account '
'credentials',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential class action lawsuits',
'payment_information_risk': 'High',
'systems_affected': 'Computer network of NYC Health + Hospitals'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Edelson Lechtzin LLP'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuits',
'regulations_violated': ['HIPAA']},
'title': 'NYC Health + Hospitals Major Data Breach',
'type': 'Data Breach'}