- Yale New Haven Health suffered a cyber attack in early March 2025
- A later investigation showed the theft of confidential data
- More than five million people could have been affected
A recent cyber attack on Yale New Haven Health (YNHHS) may have resulted in the theft of confidential data of more than five million people.
The non -profit health network confirmed the news on a legal notice published on its website, where he said he had identified “unusual activity” in his IT systems on March 8, 2025.
The subsequent research, carried out with the help of an expert in third -party forensics, showed that “copies of certain data were stolen.”
Incoming class action demands
“At no time this incident hit our ability to provide patient care,” said Ynhhs.
Then, the organization detailed the information that was stolen: names of people, birth dates, addresses, telephone numbers, email addresses, race and ethnicity, social security numbers, patient type information and/or medical registration numbers.
Electronic medical records and treatment information were not stolen, the organization stressed and added that criminals did not rob financial account or payment information.
While the notice did not discuss the number of people affected, Bleepingcomputer He found a new entry in the Violation Portal of the Department of Human Health and Services of the United States, where he says that 5,556,702 patients are affected.
The publication says that given the scope of the impact, the demands of collective action “are already being prepared” by law firms that represent the impacted persons who will seek the refund.
At the time of publication, no threat actor assumed the responsibility of the attack, and the data has not yet emerged in the dark network.
In general terms, organizations in the health industry are an attractive objective for cybercriminals, due to the sensitivity of the files they generate, and the fact that many continue to execute outdated and careless hardware and software.
In mid -March 2025, for example, both Sunflower Medical Group and Community Care Alliance confirmed to suffer a cyber attack and lose data about about 300,000 people.
