Breaking
British couple on new hunger strike in Iranian jail, family sayAlmost 20% of New Zealand townhouses selling for a lossIndia may tighten capital controls to halt rupee slump, Citi saysEbola vaccine could take nine months as death toll rises further, WHO warnsBritish couple on new hunger strike in Iranian jail, family sayAlmost 20% of New Zealand townhouses selling for a lossIndia may tighten capital controls to halt rupee slump, Citi saysEbola vaccine could take nine months as death toll rises further, WHO warns
Vesper
ENESFRTR
Charts
Articles:SportsHealthHistoryTech
Markets
EUR/USD1.1612 0.07%GBP/USD1.3400 0.05%USD/JPY159.03 0.05%USD/CHF0.7886 0.14%AUD/USD0.7111 0.08%USD/CAD1.3749 0.05%USD/CNY6.8207 0.21%USD/INR96.65 0.11%USD/BRL5.0310 0.16%USD/ZAR16.69 0.25%USD/TRY45.59 0.04%Gold$4,548.60BTC$77,589 1.09%ETH$2,137 1.26%SOL$86.08 2.13%
Tech

NYC Health + Hospitals says hackers stole medical data and fingerprints affecting at least 1.8 million people

TechCrunch1 d ago
ShareXWhatsAppTelegramLinkedIn
Hospital server room with cables and network racks
Photo: Brett Sayles / Pexels

According to TechCrunch, New York City's public hospital network NYC Health + Hospitals has disclosed that medical data and fingerprints belonging to at least 1.8 million people were stolen in a cyberattack. The incident ranks among the largest US health-data breaches in recent years.

In a notice issued on Monday, the hospital system said that the breach, which it detected in February 2026, had been confirmed after an extensive forensic review. The exact start date of the intrusion is not finalised, but estimates point back to September 2025.

The stolen data includes patient names, dates of birth, home addresses, Social Security numbers, medical-history records and laboratory results. According to TechCrunch, fingerprints were also among the biometric data stolen in the attack.

NYC Health + Hospitals is the largest public hospital network in the United States. It serves around 1.4 million patients a year and runs the city's 11 hospitals and more than 70 clinics. The system also handles patients covered by federal Medicaid and the city's own insurance programmes.

In a press briefing, the system's chief executive Dr Mitchell Katz said: "We are offering free identity-protection services and credit monitoring to all affected patients. The federal Department of Health and the state Attorney General have also been notified."

The group behind the attack has not yet been publicly named. According to cybersecurity sources spoken to by TechCrunch, the operation has the profile of a data-theft campaign rather than a ransomware event. The hospitals' operational systems did not go down.

US health-data breaches have grown substantially over the past three years. According to the federal Department of Health and Human Services, the total number of patients affected by US health-data breaches passed 168 million in 2024. The NYC Health + Hospitals incident ranks as the largest US health-data breach so far in 2026.

On the data content, the theft of fingerprints is a particular concern. Because fingerprints are biometric data that cannot be changed, once leaked they cannot reliably be used for identity verification. Patients whose fingerprints were taken are no longer safe to use those prints for future security applications.

NYC Health + Hospitals announced that, in response to the breach, it has launched a 90-million-dollar cybersecurity upgrade programme. That budget will fund external audit teams, the extension of multi-factor authentication to all staff and the retirement of older systems.

At the federal level, the FBI and the Department of Health's cybersecurity unit have joined the investigation. NYC Health + Hospitals has set up a call centre (1-855-360-3045) and a dedicated website where affected patients can find information. The company expects its inquiry to take a further 18 to 24 months.

This article is an AI-curated summary based on TechCrunch. The illustration is a stock photo by Brett Sayles from Pexels.