NYC Health and Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people - BERITAJA

New York nationalist wellness supplier NYC Health and Hospitals says a months-long information breach that allowed hackers to bargain individual data, aesculapian records, and fingerprints scans affects astatine slightest 1.8 cardinal people.

NYCHHC is the largest nationalist wellness strategy successful the United States and provides healthcare to over a cardinal New Yorkers, the mostly of whom are uninsured aliases person authorities healthcare benefits, specified arsenic Medicaid.

The healthcare strategy reported the number to the U.S. Department of Health and Human Services, making it 1 of the largest healthcare-related information breaches of the twelvemonth truthful far. Healthcare organizations person been many times targeted by financially motivated cybercriminals successful caller years successful efforts to bargain their immense banks of highly delicate patients’ personal, medical, and billing information.

In a information breach announcement connected its website, NYCHHC said that it detected a cyberattack connected February 2 and secured its network. The hackers had entree to its web from November 2025 until February 2026, during which the hackers copied files from its systems.

The healthcare strategy said hackers collapsed owed to a breach astatine a third-party vendor, which it did not name.

NYCHHC said that the exposed information varies by individual, and includes patients’ wellness security scheme and argumentation information, aesculapian accusation (such arsenic diagnoses, medications, tests, and imagery), billing, claims, and costs information. Other government-issued personality documents, specified arsenic Social Security numbers, passports, and driver’s licenses, were besides compromised.

The breach announcement besides says “precise geolocation data” was taken successful the breach, suggesting that the user-uploaded photos of their personality documents whitethorn person besides contained the nonstop location of wherever the archive was captured.

The breach is peculiarly delicate because hackers stole biometric information, including fingerprints and thenar prints, which affected individuals person for life and cannot replace. NYCHHC did not supply an mentation for storing biometric data. Prospective NYCHHC labor are mostly required to enroll their fingerprints for criminal records checks. It’s not yet known if patients’ biometrics were besides taken.

NYCHHC’s website was concisely offline arsenic of Monday morning. A spokesperson for NYCHHC did not instantly respond to an email from TechCrunch pinch questions about the cyberattack. TechCrunch asked, among different things, why it took the statement months to observe the breach, and if it has received immoderate connection from the hackers, specified arsenic a request for payment.

It’s not clear if NYCHHC could person email astatine the clip of the website outage.

The incident appears to beryllium unrelated to the information breach astatine National Association connected Drug Abuse Problems (NADAP) earlier this year, successful which complete 5,000 NYCHHC patients had accusation taken successful the cyberattack.

In the FBI’s latest annual study connected cybercrime covering 2025, healthcare remained a apical target for ransomware attackers — criminals who break into databases, bargain a transcript of the information while scrambling the victim’s servers, and frighten to people the stolen information if the unfortunate does not salary the hackers. A ransomware onslaught connected UnitedHealth-owned wellness tech elephantine Change Healthcare allowed Russian-linked hackers to bargain the aesculapian and billing accusation of much than 190 cardinal Americans, believed to beryllium the largest theft of U.S. aesculapian information successful history.