![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
.jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
_Olekcii_Mach_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Most iPhones Sold in the U.S. Will Be Made in India by 2026 [Report]](https://www.iclarified.com/images/news/97130/97130/97130-640.jpg)
![Apple to Shift Robotics Unit From AI Division to Hardware Engineering [Report]](https://www.iclarified.com/images/news/97128/97128/97128-640.jpg)
Major data breach at healthcare giant Yale Health affects 5.5 million people - here's what we know
Yale Health has confirmed suffering a cyberattack, with millions affected.
- Yale New Haven Health suffered a cyberattack in early March 2025
- A subsequent investigation showed the theft of sensitive data
- More than five million people could have been affected
A recent cyberattack on Yale New Haven Health (YNHHS) may have resulted in the theft of sensitive data of more than five million people.
The non-profit healthcare network confirmed the news in a legal notice published on its website, where it said it had identified “unusual activity” on its IT systems on March 8, 2025.
The subsequent investigation, conducted with the assistance of a third-party forensics expert, showed that “copies of certain data” were stolen.
Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.
It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.
Preferred partner (What does this mean?)View Deal
Class action lawsuits incoming
“At no point did this incident impact our ability to provide patient care,” YNHHS said.
The organization then detailed the information that was stolen: people’s names, birth dates, addresses, phone numbers, email addresses, race and ethnicity, Social Security numbers, patient type information, and/or medical record numbers.
Electronic medical records and treatment information were not stolen, the organization stressed, and added that the crooks did not steal financial account or payment information.
While the notice did not discuss the number of affected individuals, BleepingComputer found a new entry on the US Department of Health and Human Services breach portal, where it says that 5,556,702 patients are affected.
The publication says that given the extent of the impact, class-action lawsuits are “already being prepared” by law firms representing impacted individuals who will seek reimbursement.
At press time, no threat actors assumed responsibility for the attack, and the data is yet to surface on the dark web.
Generally speaking, organizations in the healthcare industry are an attractive target for cybercriminals, due to the sensitivity of the files they generate, and the fact that many are still running outdated and neglected hardware and software.
In mid-March 2025, for example, both Sunflower Medical Group and Community Care Alliance confirmed suffering a cyberattack and losing data on some 300,000 people.
You might also like
- Ransomware gangs allegedly hit two major US healthcare firms, 300,000 patients have data stolen
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
