NYC Health and Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people | TechCrunch

NYC Health and Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people | TechCrunch

Briefly

"NYC Health and Hospitals says a months-long data breach that allowed hackers to steal personal data, medical records, and fingerprints scans affects at least 1.8 million people. NYCHHC is the largest public health system in the United States and provides healthcare to over a million New Yorkers, the majority of whom are uninsured or receive state healthcare benefits, such as Medicaid."

"The healthcare system reported the number to the U.S. Department of Health and Human Services, making it one of the largest healthcare-related data breaches of the year so far. Healthcare organizations have been repeatedly targeted by financially motivated cybercriminals in recent years in efforts to steal their vast banks of highly sensitive patients' personal, medical, and billing information."

"NYCHHC said that it detected a cyberattack on February 2 and secured its network. The hackers had access to its network from November 2025 until February 2026, during which the hackers copied files from its systems. The healthcare system said hackers broke due to a breach at a third-party vendor, which it did not name."

"The breach notice also says "precise geolocation data" was taken in the breach, suggesting that the user-uploaded photos of their identity documents may have also contained the exact location of where the document was captured. The breach is particularly sensitive because hackers stole biometric information, including fingerprints and palm prints, which affected individuals have for life and cannot replace."