Yale New Haven Health (YNHHS) data breach influenced 5.5 million patients
April 24, 2025 
The cyberattack led to the stealing of personal data of 5.5 million patients in Yale New Haven Health (YNHHS).
Announcement made by Yale New Haven Health (YNHHS) revealed an exposure of personal data of 5.5 million patients after facing a recent cyberattack.
Yale New Haven Health System (YNHHS) is a not-for-profit healthcare network established in New Haven, Connecticut. It serves as the most extensive healthcare system in the state, with a wide range of medical services and facilities.
With more than 360 sites throughout Connecticut, southeastern New York, and Rhode Island, the system manages over 2,400 beds and employs a large group of healthcare professionals. The healthcare network has about 30,000 health professionals and generates annual revenue exceeding $5.6 billion.
On March 11, 2025, YNHHS experienced a cyber incident concerning IT services, which was promptly handled with support from cybersecurity company Mandiant. The organization stated that patient care and medical records were unaffected, although some internet and app access issues are still being resolved as part of the recovery process. Authorities were also informed.
The data breach was disclosed by YNHHS on April 11, 2025, indicating that malicious actors obtained sensitive patient data. The stolen information includes:
- Full name
- Date of birth
- Residential address
- Contact number
- Email address
- Race/ethnicity
- Social Security number (SSN)
- Patient category
- Medical record ID
It was specified that financial details, medical records, or treatment specifics were not part of the exposure.
“The unusual activity affecting our Information Technology (IT) systems was identified on March 8, 2025. Immediate actions were taken to contain the situation and initiate an investigation with the help of external cybersecurity professionals. Law enforcement was notified about the incident. Investigation results showed that an unauthorized third party accessed our network and on March 8, 2025, acquired copies of specific data.” quoted from the Notice of Data Security Incident released by YNHHS. “No impact on patient care occurred throughout this incident.”
Starting April 14, YNHHS is sending notification letters to impacted patients. No data misuse has been reported, and individuals with compromised Social Security numbers are offered complimentary credit monitoring. A dedicated helpline at 1-855-549-2678 has been established for inquiries.
As per the U.S. Department of Health and Human Services breach portal, the incident influenced 5,556,702 individuals.
No technical specifics about the attack have been disclosed by the organization, and currently, no ransomware group has admitted to the attack.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Yale New Haven Health)
About Author
