HQ/EMEAFind out how we can help your business
Yale New Haven Health (YNHHS) has reported that cybercriminals accessed the personal data of 5.5 million patients during an alleged cyberattack earlier this month.
The affected entity is one of Connecticut’s largest nonprofit healthcare networks. It provides extensive care through five hospitals and 360 outpatient facilities.
Additionally, it is the current home to more than 30,000 healthcare professionals and generates over $5.6 billion in annual revenue.
Yale New Haven Health initially uncovered the purported cyberattack last month.
According to reports, Yale New Haven Health disclosed that it had been dealing with a cyberattack last month. Although the incident caused disruptions to its IT systems, the organisation insisted that its patient care remained unaffected.
YNHHS enlisted an external security provider to assist with system recovery and forensic analysis while alerting federal authorities about the breach.
Additional assessment of the alleged hack revealed that the data breach potentially exposed sensitive patient information to unauthorised parties.
Still, the nature of the compromised information varies among patients. Researchers noted that it may include full name, date of birth, postal address, phone number, email address, race or ethnicity, Social Security number (SSN), patient type, and medical record number.
The NGO is actively protecting those affected and enhancing its security protocols. It was clarified that the breach did not compromise financial data, medical records, or treatment specifics.
Furthermore, YNHHS sent letters to affected patients, providing information on enrolling in free credit monitoring and identity protection services for those whose SSN was compromised. A recent entry in the U.S. Department of Health and Human Services breach portal also confirmed that the data breach impacted 5,556,702 patients.
Due to the scale of the breach, class action lawsuits are being prepared by law firms representing affected individuals who seek compensation for the exposure of their sensitive information.
Currently, no ransomware groups have claimed responsibility for the cyberattack, leaving the attackers’ identities unknown.
