Yale New Haven Health Warns 5.5 Million Patients of Possible Data Theft

A recent cybersecurity incident put more than 5.5 million Yale New Haven Health patients’ sensitive data at risk.

Yale New Haven Health suffered a cyberattack last month

Nonprofit healthcare system Yale New Haven Health (YNHHS) disclosed on March 11 that it suffered a cyberattack over the weekend.

Criminals breached the healthcare system’s network, causing several connectivity issues. Fortunately, the security incident didn’t impact the organization’s ability to care for patients.

Our patient portal and electronic medical records are running as normal, and our teams are working hard to manage the impact of phone and internet connection issues on patient care. There remain intermittent internet and application connectivity issues as our team rebuilds access to programs – this is purposeful and part of our comprehensive protocols for mitigating cybersecurity events.

However, new developments have experts worried that perpetrators gained unauthorized access to—and might have stolen—sensitive patient data.

Various types of sensitive data exposed to malicious actors

According to a Data Security Incident notification, the March 8 cyberattack against Yale New Haven Health exposed sensitive data of over 5.5 million patients.

The organization states that the information compromised in the breach varied from person to person. Exposed sensitive data may have included:

• Full names
• Dates of birth
• Addresses
• Telephone numbers
• Email addresses
• Race or ethnicity information
• Patient type data
• Social Security Numbers (SSNs)
• Medical record numbers

YNHHS’ electronic medical record and treatment information were not involved or accessed, and no financial account or payment information was involved.

Response and mitigation

In response to the incident, YNHHS vowed to continuously update its systems to prevent similar events from occurring in the future and protect the data it handles.

Starting April 14, the organization mailed letters to potentially affected patients, stating that it has no evidence of data misuse for fraud or identity theft.

Additionally, YNHHS offered complimentary identity protection and credit monitoring services to patients whose SSNs were exposed.

Dealing with the fallout of data breaches

Data breaches are no longer a matter of if, but when. They indiscriminately target hospitals, schools, small businesses, and tech giants alike. The worst part? Individuals have little control over how their data is stored, shared or protected.

While you can’t prevent data breaches, you can prepare for the aftermath.

Dedicated software like Bitdefender Digital Identity Protection can help you track your digital footprint across both the public and dark web, alerting you the moment your data is compromised, surfacing accounts you may have forgotten about, and offering quick, one-click fixes to patch vulnerable spots in your online presence.