Record Hospital Data Breach Hits Rhode Island
GoLocalProv News Team
Record Hospital Data Breach Hits Rhode Island
The breach report to the HHS’ Office for Civil Rights has indicated that up to 5,556,702 individuals had their protected health information compromised in the incident.
It marks the largest healthcare data breach to be reported in 2025, beating the "previous record of 4.7 million individuals set this month by Blue Shield of California," announced HIPPA Journal on Thursday.
GET THE LATEST BREAKING NEWS HERE -- SIGN UP FOR GOLOCAL FREE DAILY EBLASTYale New Haven Health is a nonprofit health system in New Haven, Connecticut, that includes five acute-care hospitals, a medical foundation, and multiple outpatient facilities and multispecialty centers in Connecticut, New York, and Rhode Island.
It marks the latest healthcare data breach in Rhode Island.
In 2023, CharterCARE — the third-largest hospital group in Rhode Island — was hit by hackers and demands for ransomware.
And, the state of Rhode Island saw more than 600,000 Rhode Islanders impacted in recent months.
Yale New Haven on Record
On Thursday, the healthcare group provided the following statement:
Yale New Haven Health (“YNHHS”) is committed to providing high-quality care to all of our patients, including maintaining the privacy and security of patient information. We recently experienced a data security incident that involved some of that information. This notice provides additional information about what happened, measures we have taken in response, and offers steps patients may consider taking.
What Happened? On March 8, 2025, we identified unusual activity affecting our Information Technology (IT) systems. We immediately took steps to contain the incident and began an investigation, which included assistance from external cybersecurity experts. We also reported the incident to law enforcement. The investigation determined that an unauthorized third-party gained access to our network and, on March 8, 2025, obtained copies of certain data.
At no point did this incident impact our ability to provide patient care.
What Information Was Involved? The information involved varied by patient, but may have included demographic information (such as name, date of birth, address, telephone number, email address, race or ethnicity), Social Security number, patient type, and/or medical record number.
YNHHS’ electronic medical record and treatment information were not involved or accessed, and no financial account or payment information was involved in this incident.
What YNHHS Is Doing & What Patients Can Do. YNHHS considers the health, safety, and privacy of patients our top priority. We are continuously updating and enhancing our systems to protect the data we maintain and to help prevent events such as this from occurring in the future.
Beginning on April 14th, we are mailing letters to patients whose information was involved. While, to date, YNHHS is not aware of any patient information being used for identity theft or fraud, as a precaution, we are offering complimentary credit monitoring and identity protection services to individuals whose Social Security number was involved. Patients are also encouraged to review statements they receive from their healthcare providers and immediately report any inaccuracies to the provider.
YNHHS has established a dedicated, toll-free call center that individuals may contact with questions about this incident. The call center is available at 1-855-549-2678, Monday through Friday, 9 am to 9 pm Eastern Time, excluding major U.S. holidays.
We take our responsibility to safeguard patient information incredibly seriously, and we deeply regret any concern this incident may have caused.