Hackers managed to break into Yale New Haven Health’s (YNHHS) systems and steal sensitive information on more than 5.5 million people. The breach happened on March 8, and the organisation has brought in cybersecurity firm Mandiant to help investigate the attack.
The organisation disclosed the cyberattack in a statement on its website. The hospital’s ability to provide patient care remains unaffected, but patients and staff may experience issues with phone and internet connectivity as a result of the breach. Patient portals and electronic medical records are also working as expected.
The breach was first spotted by the organisation’s digital and technology solutions team. However, after Mandiant was brought in, further investigation revealed more information disclosed in a follow-up notice. It was confirmed that an “unauthorised third-party” gained access to their systems and was able to extract copies of specific data.
Leaked data includes names, date of birth, address, phone numbers, email addresses, race or ethnicity, Social Security number, patient type, and medical records number. That said, the information leaked varies by patient. Thankfully, YNHHS hasn’t seen any evidence suggesting the leaked information is being misused at the time of writing. The breach has also been reported to the Health and Human Services’ Office for Civil Rights and relevant law enforcement authorities, including the Feds.
As for affected individuals, starting April 14, the YNHHS has been sending out letters to all affected individuals, a total of 5,556,702. Affected individuals whose Social Security number was involved also get complimentary credit monitoring and identity protection services. The number of affected individuals makes this one of the biggest healthcare breaches of 2025 so far.
No other details on the attack were shared. With ransomware groups increasingly targeting healthcare organisations, there’s a possibility that YNHHS could be the target of a ransomware attack. However, the organisation hasn’t shared any information on how the hackers broke in, the attack vector, whether or not their data has been encrypted, or if the hackers have demanded a ransom. Mandiant is also known for its ransomware recovery services. The fact that
Ransomware groups target hospitals because of their fast-paced nature of work and often outdated digital security measures. Digital patient records often contain sensitive information about an individual, which can be used to commit identity theft or insurance fraud. Hospitals are also more likely to pay a ransom and resume operations, as any delays in negotiating with hackers can significantly affect their ability to treat patients.
In the News: Lazarus threat actors breach six South Korean companies
