ADVERTISEMENT

Hackers stole fingerprints, medical records of 1.8M in massive NYC hospital breach

NYC Health + Hospitals is warning 1.8 million patients that hackers stole medical records, Social Security numbers, banking information, and even fingerprint data in a months-long breach of the nation’s largest public hospital system.

NYC Health + Hospitals

Metropolitan Hospital, NYC Health + Hospitals. Image by Here Now | Shutterstock

Stefanie Schappert
Stefanie Schappert Senior Journalist
May 21, 2026 Updated: 22 May 2026 3 min read
Key takeaways:
NYC Health + Hospitals data breach notice
Notice of Data Breach page published by NYC Health + Hospitals following the cyberattack. nychealthandhospitals.org

Fingerprints and medical records exposed

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites
  • Personal information: names, dates of birth, addresses, Social Security numbers, driver’s license or passport numbers, taxpayer ID numbers, and precise geolocation data.
  • Health-related information: medical record numbers, health insurance information, Medicaid/Medicare government ID numbers, diagnoses, medications, test results, images, and treatment plans.
  • Financial and other identifying information: billing, claims, and payment information, credit card/debit card numbers, bank account information, as well as online account credentials and biometric data such as fingerprints and palm prints.
medical patient records
Medical records containing diagnoses, treatment plans, and insurance information were among the data exposed in the NYC Health + Hospitals breach. Image by Tero Vesalainen | Shutterstock
ADVERTISEMENT

Patients urged to monitor accounts

NYC Health + Hospitals
Harlem Hospital is part of the NYC Health + Hospitals network, one of the largest public healthcare systems in the US. Image by Here Now | Shutterstock
jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
Stryker LifePak defibrillator device
Healthcare organizations have become prime targets for cybercriminals because of the vast amount of sensitive patient data they store. Stryker LifePak defibrillator device. Image by Stryker

ADVERTISEMENT