Yale New Haven Health System, based in New Haven, CT, recently reported a significant data breach affecting 5.5 million individuals. The breach, which occurred in March 2025, was disclosed to the HHS Office for Civil Rights. This breach surpasses the previous record set by Blue Shield of California, affecting 4.7 million people. The compromised data includes sensitive personal and medical details of individuals across multiple states.
The breach was detected on March 8, 2025, after anomalous activity was observed in Yale New Haven Health’s IT systems. A prompt response was initiated to contain the incident, and an investigation began to determine the scope. The health system confirmed that an unauthorized third party gained access to its network and exfiltrated data. This breach did not affect patient care, but it did involve patient data, which included personal and medical details.
The data stolen during the cyberattack varied by individual and could include names, addresses, phone numbers, and medical record numbers.
Additionally, Social Security numbers were compromised for some individuals, although no financial data was affected. Yale New Haven Health emphasized that its electronic medical record system was not breached. While the full extent of the data exposure remains under investigation, the breach remains significant.
In response, Yale New Haven Health began mailing individual notification letters to affected individuals on April 14, 2025. They are also offering complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers were compromised. Yale New Haven Health stated that it continuously enhances its security measures to protect sensitive information. The prompt issuance of notifications is a positive step in managing the breach’s impact.
Reference: