Tuesday , July 14 2026
1.8 million

NYC hospital breach exposesd 1.8 million fingerprints, medical records

A big data breach has put the personal information of at least 1.8 million patients at risk. Hackers were in the healthcare network for months from November last year to February. They quietly copied very sensitive files before anyone found out.

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

The stolen data includes medical records, payment info, ID numbers, and fingerprint scans that people can’t replace.

NYC Health + Hospitals is the biggest public-hospital system in the US. On May 18, 2026, they said a third-party vendor let in a breach that exposed personal and medical information of at least 1.8 million people.

What Happened

The Vendor Compromise:

NYC Health + Hospitals said the entry point was a vendor that could access their data, but they have not named the vendor yet. This vendor allowed the attackers to enter the system from November 25, 2025, to February 11, 2026, which is about two and a half months before NYC H+H found out on February 2, 2026, and shut it down. They discovered the problem nine days before the end of the intrusion, meaning they were trying to contain the issue while it was still happening. NYC H+H hired outside cybersecurity and data-analytics companies to assess the breach and find affected people.

The Notification Window

NYC H+H found the breach on February 2, 2026, and told the public on May 18, 2026, which took about 105 days. The HIPAA Breach Notification Rule usually says that notice must be given within 60 days if there is a risk to people. NYC H+H took longer than what HIPAA allows for a breach like this, especially since the breach lasted over 70 days before it was found. The HHS Office for Civil Rights will look closely at how long it took to notify after the breach was discovered.

NYC Health + Hospitals is the biggest public hospital system in the U.S. It has eleven hospitals for urgent care, five centers for long-term care, and many community clinics. Most of its patients rely on Medicaid, are undocumented, or have no other healthcare choices. This breach hurts the people who can least handle identity theft, fraud, and the costs of resetting their credentials. The exposure of fingerprints makes this worse. A set of 1.8 million fingerprints, once shared or sold, is permanently in the hands of bad actors. There is no way to reset this like a password.

Ross Filipek, CISO at Corsica Technologies told what makes this breach so alarming is not just the nearly two million people impacted, but the information stolen.

“Medical records, financial details, and even fingerprint data create a long-term problem for victims because, unlike a password, biometric data cannot simply be reset after exposure,” Filipek explained.

Related News:

Healthcare Data Breaches affect 88 Million Americans
Bangladeshi health institution hacked, leaked sensitive data
No more medical files, Gov.t plan to have your digital record
Criminal store thousand Bangladeshi’s finger print

CISA Adds Microsoft Exchange Server Flaw To Its KEV

Check Also

email

Data breach affects 14.2 million email logins across six ISPs

KDDI Corporation, a Japanese telecom company, revealed a data breach. Hackers got into one of …