NYC Health and Hospitals confirmed that hackers accessed personal and medical data from at least 1.8 million people during a significant security breach. The attack also compromised biometric information, including fingerprints, marking one of 2026's largest healthcare data breaches.
The New York public healthcare system disclosed the breach this week, revealing the scope of unauthorized access to its patient database. Compromised data includes names, addresses, Social Security numbers, and medical records spanning the system's patient population.
Biometric information stolen in the attack presents heightened security concerns. Fingerprint data, unlike passwords, cannot be easily changed if compromised. The theft of such data could expose patients to identity theft, fraud, and unauthorized access to secure facilities or systems that use fingerprint authentication.
NYC Health and Hospitals operates the largest municipal hospital system in the United States, serving millions of New Yorkers annually. The breach affects patients who received care across the system's facilities over an extended period.
The healthcare organization has not yet publicly identified the attackers or disclosed the attack method. Investigation into the incident is ongoing. The system said it is notifying affected patients and offering credit monitoring services as a precautionary measure.
The breach adds to a growing list of major healthcare data incidents in recent years. Patient medical records remain high-value targets for cybercriminals due to the sensitive personal information they contain and the difficulty patients face in remedying unauthorized access.
Experts recommend affected individuals monitor accounts for suspicious activity and consider freezing credit as a preventive measure. The incident underscores ongoing challenges healthcare providers face in protecting patient data against evolving cyber threats.
NYC Health and Hospitals has not announced disciplinary actions or systemic changes in response to the breach. The organization continues to investigate the full scope of the incident and assess any ongoing security vulnerabilities.
Microsoft has released a patch for a zero-day vulnerability in Windows Defender that could allow attackers to exhaust hard disk space. The flaw was discovered and reported by security researcher NightmareEclipse.
A software defect from 2006 triggered a cascading network failure that knocked out Telstra's national phone service Wednesday morning. The bug, related to daylight savings time processing, created a 'digital domino chain' that locked customers out across the country.
The EU Parliament is advancing legislation that would require tech companies to scan for child sexual abuse material (CSAM), reviving a proposal rejected in March. End-to-end encrypted services like WhatsApp would be exempt from the requirements.
Hackers compromised the Injective Labs SDK repository on GitHub and published a malicious package to npm that steals cryptocurrency wallet private keys and seed phrases from developers.