Millions of Americans could be at risk after a string of cyberattacks exposed sensitive personal and medical information held by healthcare providers across the country.
The stolen data includes Social Security numbers, medical records, health insurance details, financial account information, government-issued identification numbers and even biometric data such as fingerprints and palm prints.
The largest breach hit New York City Health and Hospitals, the nation’s biggest public healthcare system, with additional attacks targeting Western Orthopaedics in Colorado, Community Health Systems in California, Tri-Cities Gastroenterology in Tennessee and Integrated Pain Associates in Texas.
The incidents come as healthcare organizations continue to face relentless attacks from cybercriminals seeking highly valuable patient records.
Hackers reportedly spent months inside New York City’s healthcare network before the intrusion was discovered, quietly copying files containing medical and financial information belonging to at least 1.8 million patients.
More than 113,000 people had their protected health information potentially exposed after hackers gained access to systems operated by Western Orthopaedics.
Several of the attacks have been linked to cyber extortion groups that allegedly published stolen data after ransom demands were not met.
The breaches underscore the growing cybersecurity crisis facing the healthcare industry, where patient records have become some of the most sought-after targets for hackers.
The incidents come as healthcare organizations continue to face relentless attacks from cybercriminals seeking highly valuable patient records
Community Health Systems, which serves patients in California’s San Bernardino, Riverside and San Diego counties, disclosed a separate incident after suspicious activity was detected in its network around February 28, 2026.
An investigation found unauthorized access to systems containing names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, financial account information, driver’s license numbers, treatment records, prescription information, Medicare and Medicaid identification numbers, health insurance details and medical billing information.
The provider said it is reviewing its security policies and procedures. The total number of affected individuals has not yet been disclosed.
Tri-Cities Gastroenterology, which operates five locations across Tennessee, reported that files were exfiltrated from its network around December 11, 2025.
A review completed in April found the compromised files contained names, Social Security numbers, dates of birth, addresses, email addresses, telephone numbers, gender information and medical record numbers.
Although the practice said it had not identified any misuse of the stolen information, the Insomnia threat group claimed responsibility for the attack and later published the data after a ransom demand allegedly went unpaid.
Integrated Pain Associates, a Texas-based team of spine and pain specialists, also disclosed a security incident after identifying unauthorized access to its network in February 2026.
The ongoing investigation has found that names, addresses, dates of birth, driver’s license numbers, Social Security numbers, diagnosis information, medication records, health insurance information, treatment details and financial account information may have been exposed.
The provider has since implemented additional security measures and is offering complimentary credit monitoring services to affected patients.
The latest breaches come just months after one of the largest healthcare cyberattacks in recent memory affected New York City Health and Hospitals, the largest public healthcare system in the United States.
That breach compromised the personal information of at least 1.8 million patients after hackers reportedly spent months inside the network between November and February before the intrusion was detected.
Officials said the attack appeared to originate through a compromised third-party vendor, giving unauthorized actors access to highly sensitive files containing medical records, payment information, government identification numbers and even biometric data such as fingerprints and palm prints.
The organization warned that exposed information may also have included Social Security numbers, driver’s license numbers, taxpayer identification numbers, precise geolocation data, credit card information, financial account details and online account credentials.
NYC Health and Hospitals said it immediately launched an investigation with the assistance of a leading cybersecurity firm, reset compromised credentials, strengthened remote access controls and deployed additional monitoring systems designed to detect future attacks.
The health system urged affected individuals to closely monitor account statements, explanation-of-benefits documents and credit reports for signs of fraud, while recommending that anyone whose login credentials may have been compromised immediately change their passwords.
The string of attacks underscores the increasing value cybercriminals place on healthcare data, which often contains enough personal, financial and medical information to facilitate identity theft, insurance fraud and other forms of cybercrime.
