Hackers Stole Medical Data And Fingerprints In NYC Health + Hospitals Breach Affecting 1.8 Million

NYC Health + Hospitals says hackers stole medical data and fingerprints in a months-long breach affecting at least 1.8 million people, after the public health system detected a cyberattack on February 2 and secured its network.

“Data breach exposes medical, financial, biometric data of 1”

Biometric Update

Firstpost says the hackers had access to its systems from November 2025 until February 2026, during which time they were able to access data and copy files.

Biometric Update

The exposed information described by Firstpost varies by individual and includes health insurance plans and policy information, medical records, billing, claims, and payment information.

Firstpost also says government-issued identity documents such as Social Security numbers, passports, and driver’s licences were compromised, along with precise geolocation data and biometric information.

TechCrunch reports that the breach notice says “precise geolocation data” was taken, and it frames the biometric theft as particularly sensitive because hackers stole biometric information, including fingerprints and palm prints, which affected individuals have for life and cannot replace.

TechCrunch also says it’s not yet known if patients’ biometrics were also taken, and it notes that NYCHHC did not provide an explanation for storing biometric data.

Claim Depot

Claim Depot says Shamis & Gentile P.A. is investigating the NYC Health and Hospitals Corporation data breach and that on March 24, 2026, NYC Health + Hospitals disclosed a data breach to the U.S. Department of Health and Human Services.

Claim Depot adds that the official report cited approximately 1,800,000 people in the United States affected by the incident, and it lists exposed categories including biometric information such as fingerprints and palm prints and Social Security numbers.

SecurityWeek says the HHS breach tracker added several major healthcare data breaches, with the largest incident affecting the New York City Health and Hospitals Corporation and exposing personal, health insurance, medical, biometric, and financial information.

“Trending: West Asia war updates PM Modi in Europe Ebola outbreak Aaron Rai Karuppu box office advertisement NYC Health + Hospitals state hackers stole medical data and fingerprints in breach affecting nearly 1”

Firstpost

SecurityWeek reports that an investigation found threat actors had access to its systems between November 2025 and February 2026 via a third-party vendor, and it says the HHS tracker shows the NYC Health and Hospitals breach affects 1.8 million individuals.

SecurityWeek also lists other tracker figures, including Erie Family Health Centers in Chicago, Illinois affecting 570,000 individuals, and it says a breach at Florida Physician Specialists reportedly affects 276,000.

In the same tracker update, SecurityWeek says Coastal Carolina Health Care in North Carolina and Western Orthopaedics in Colorado each reported data breaches impacting roughly 110,000 people, while it notes that a breach at Nacogdoches Memorial Hospital in Texas affects 2.5 million individuals according to the HHS tracker.