Yale New Haven Health System has confirmed a massive data breach that exposed the personal details of more than 5.5 million patients. The incident marks one of the largest healthcare-related breaches in recent years.
The organization detected suspicious activity on March 8. After digging deeper, the team found that hackers had copied sensitive data from its systems that same day. While hospital operations continued as normal, the attack still caused serious concern.
The stolen data includes a mix of patient details. Depending on the individual, this could mean names, birthdates, contact information, race or ethnicity, Social Security numbers, and medical record numbers.
However, Yale New Haven Health clarified that its core electronic medical record system wasn’t touched. Financial accounts, billing information, and staff HR data also remained secure.
On April 11, the health system officially disclosed the breach. Days later, the U.S. Department of Health and Human Services updated its breach portal to show the incident impacted over 5.5 million people.
While investigators haven’t confirmed if it was a ransomware attack, no cybercriminal group has stepped forward to claim responsibility. Experts suspect ransomware could be behind it, possibly with a ransom paid quietly to prevent a data leak.
This case adds to a growing list of attacks on healthcare providers. Last year alone, the U.S. recorded over 700 data breaches in the medical sector. Those events exposed more than 180 million patient records nationwide.
Healthcare organizations remain prime targets for cybercriminals. Many lack the funding or resources to modernize their systems, leaving critical data vulnerable. Attacks like this one highlight the urgent need for stronger cybersecurity across the industry.
Yale New Haven Health says it’s working with law enforcement and cybersecurity experts to investigate the breach. Impacted patients will receive notifications with guidance on what to do next.
