A data breach at Connecticut’s largest healthcare system Yale New Haven Health affects more than 5.5 million people, according to a legally required notice with the U.S. government’s health department.
Yale New Haven said the March cyberattack allowed malicious hackers to obtain copies of patients’ personally identifiable information and some healthcare-related data.
Per a notice on the healthcare system’s website, the stolen data varies by person, but can include patient names, dates of birth, postal and email addresses, phone numbers, race and ethnicity data, and Social Security numbers. The stolen data also includes information about types of patients and medical record numbers.
Local media quoted the healthcare system’s spokesperson as saying that the number of affected individuals “may change.”
When asked about the nature of the cyberattack by TechCrunch, Yale New Haven spokesperson Dana Marnane did not dispute that the incident was related to ransomware.
“The sophistication of the attack leads us to believe that it was executed by an individual or group who has a pattern of these types of incidents,” said Marnane, declining to comment further to TechCrunch, citing an ongoing law enforcement investigation.
The healthcare provider declined to say if it had any communication with the hackers, or if the hackers made a demand for payment.
As of press time, no major ransomware group has publicly taken credit for the hack. It’s not uncommon for ransomware and data extortion gangs to publish a victim’s stolen files when negotiations to pay the ransom demand fail.
This is the second major healthcare data breach confirmed this week, after Blue Shield of California revealed it shared health data of 4.7 million patients with Google over several years.
Updated with comment and additional details related to ransomware.
