Major hospital cyberattack sees 6m Social Security numbers and medical data stolen… see if you’re affected

A major data breach has compromised the personal information of 5.5 million patients 

Yale New Haven Health (YNHHS), which operates five hospitals in Connecticut, reported hackers accessed sensitive information like name, Social Security number, patient type and medical record number.

The breach occurred on March 8, when YNHHS first detected unusual activity within its IT systems. 

However, it was not until April 11 that the organization confirmed patient data had indeed been stolen. 

YNHHS said electronic medical record and treatment information were not  accessed, and no financial account or payment information was involved in the breach.

The healthcare system began mailing letters to impacted patients on April 14, noting it has not found evidence of ‘any patient information being used for identity theft or fraud.’

The US Department of Health and Human Services breach portal confirmed that the data breach impacted 5,556,702 patients. 

That makes it the largest healthcare breach reported to federal regulators so far in 2025.

This is a developing story… More updates to come  

YNHHS publicly reported the suspicious activity on March 11, noting that it did not impact patient care, and opened an investigation.

‘Our investigation has now determined that an unauthorized third-party gained access to our network and, on March 8, 2025, obtained copies of certain data,’ the healthcare system shared on April 11.

‘The information involved varies by patient, but may include demographic information (such as name, date of birth, address, telephone number, email address, race or ethnicity), Social Security number, patient type, and/or medical record number.’

While YNHHS said payment information was not access, it has urged patients to ‘review statements they receive from their healthcare providers and immediately report any inaccuracies to the provider.’