Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

April 28, 2025

Yale New Haven Health says nearly 5.6M patients affected by data breach

HBJ FILE PHOTO Yale New Haven Health
By David Krechevsky

The Yale New Haven Health System (YNHHS) has informed federal officials that a data breach in early March may have affected the personal information of nearly 5.6 million patients.

According to a filing with the U.S. Department of Health and Human Services’ Office for Civil Rights, which maintains an online database of reported breaches, the number of individuals potentially affected by the YNHHS breach is 5,556,702. 

That makes the YNHHS breach the largest in the U.S. this year, and more than five times larger than the breach that affected Middletown-based Community Health Center Inc. in January.

The Yale New Haven Health System includes Yale New Haven Hospital, as well as Bridgeport, Greenwich and Lawrence + Memorial hospitals, plus Westerly Hospital in Rhode Island and the Northeast Medical Group. It is the largest health system in Connecticut, with more than 1,500 in-patient beds and $5.6 billion in net patient revenue, according to the state Office of Health Strategy. 

In a letter to patients dated April 14, YNHHS said that on March 8 it “identified unusual activity affecting our Information Technology (IT) systems,” and that it “immediately took steps to contain the incident and began an investigation.” That included hiring Mandiant, a Virginia-based cybersecurity firm, to assist with the investigation.

The letter states that YNHHS has since determined that “an unauthorized third-party gained access to our network and, on March 8, 2025, obtained copies of certain data.”

It said the copied information varies by patient, “but may include demographic information (such as name, date of birth, address, telephone number, email address, race or ethnicity), Social Security number, patient type, and/or medical record number.”

YNHHS said its electronic medical record system was not involved nor accessed, and that “no financial accounts, payment information or employee HR information” was included.

The organization said it is “providing appropriate resources,” to affected patients, “including offering complimentary credit monitoring and identity protection services to individuals whose Social Security number was involved.”

The letter adds that while YNHHS is not yet aware “of any patient information being used for identity theft of fraud,” it encourages patients to review statements they receive from their healthcare providers and to immediately report any inaccuracies. 

YNHHS is facing a growing number of class action lawsuits as a result of the data breach.

Sign up for Enews

Most Recent

Most Recent

Related Content

Report: State’s acute-care hospitals returned to a positive profit margin in FY23
Thumbnail Yale New Haven Health to open retail pharmacy at Bridgeport Hospital
Thumbnail Yale New Haven Health expands Greater Hartford urgent care footprint
Thumbnail Yale School of Medicine seeks OK to create outpatient reproductive endocrinology services facility in Orange

0 Comments

Order a PDF