Dive Brief:
A data breach at Yale New Haven Health has exposed the information of about 5.6 million people, according to a report submitted to federal regulators earlier this month.
The Connecticut-based health system detected unusual activity on its IT systems in early March, Yale New Haven said in a press release. An investigation later found an unauthorized third party had gained access to its network and stolen copies of some patient data.
The incident is the largest healthcare breach reported to federal regulators so far in 2025, according to a portal managed by the HHS Office for Civil Rights.
Dive Insight:
The health system, which operates five hospitals, said the cybersecurity incident didn’t impact its ability to provide patient care. The provider’s electronic medical record system and patient portal were working normally during the cybersecurity incident in March, Yale New Haven said last month.
Patient data was exposed during the incident, including demographic information, Social Security numbers, patient type and medical record numbers. However, Yale New Haven’s EHR wasn’t accessed, and financial details or employee human resource information weren’t compromised, according to a press release.
The cybersecurity incident at Yale New Haven comes after a record-breaking year for cyberattacks and data breaches in the healthcare sector.
In early 2024, UnitedHealth-owned claims processor and technology firm Change Healthcare was targeted by ransomware, taking its systems offline and setting off a wave of disruption across the industry. In January, the company said data of about 190 million people was compromised in the attack — the largest healthcare breach ever reported to federal regulators.
The sector will likely continue to weather cyberattacks and attempted intrusions in 2025, experts say. For example, earlier this month, kidney dialysis provider DaVita reported that it had been hit by a ransomware attack, which uses a type of malware that denies users access to their data until a ransom is paid.
The healthcare sector is a popular target since medical records are particularly profitable for cybercriminals, according to Barry Mathis, managing principal of IT advisory consulting at PYA.
With a stolen medical record, cybercriminals have nearly all the information they need to file a state tax bill or fraudulent Medicare and Medicaid claims, he told Healthcare Dive last week.
“It’s a valuable commodity on the dark web,” Mathis said. “And as long as they’re making billions of dollars in that space, then they’re always going to be attacking.”