NYC Health + Hospitals Reports Data Breach Caused by Possible Third-Party Vendor Compromise

NYC Health + Hospitals, reports a data breach hat possibly originated from a security breach at a third-party vendor.  

Attackers gained access to the network between November 25, 2025, and February 11, 2026. The breach likely exploited a vulnerability in the supply chain involving an external service provider that's not named. 

The compromised data includes:

• Health insurance information including plans, policies, and member ID numbers
• Medical records, disability codes, diagnoses, medications, and treatment plans
• Biometric information such as fingerprints and palm prints
• Billing, claims, and payment information
• Social Security numbers and government-issued identification
• Financial account information and online credentials
• Precise geolocation data

The number of affected individuals is not disclosed. The organization is working with law enforcement and external security experts to ensure the containment of the incident. NYC Health + Hospitals is offering one year of complimentary credit monitoring and identity restoration services.