New York public health provider NYC Health + Hospitals says a months-long data breach that allowed hackers to steal personal data, medical records, and fingerprints scans affects at least 1.8 million people.
NYCHHC is the largest public health system in the United States and provides healthcare to over a million New Yorkers, the majority of whom are uninsured or receive state healthcare benefits, such as Medicaid.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Thousands of official government email addresses, including plaintext passwords available online
April 11, 2026
The official email accounts of public officials all over the world have been leaked online, with many exposed alongside their plaintext passwords, making it trivial for an attacker to breach their accounts. Researchers at Proton scoured the darker side of the internet for the publicly available email addresses of government officials – and discovered thousands of ...
- FBI Atlanta, Indonesian Authorities Take Down Global Phishing Network Behind Millions in Fraud Attempts
April 10, 2026
In a first-of-its-kind joint cyber investigation, the FBI Atlanta Field Office and Indonesian law enforcement authorities have dismantled a sophisticated global phishing operation that enabled cybercriminals to steal thousands of victims’ account credentials and attempt more than $20 million in fraud. The operation centered on the W3LL phishing kit, a widely used cybercrime tool that allowed ...
- France to ditch Windows for Linux to reduce reliance on US tech
April 10, 2026
France is trying to move on from Microsoft Windows. The country said it plans to move some of its government computers currently running Windows to the open source operating system Linux to further reduce its reliance on U.S. technology. Linux is an open source operating system that is free to download and use, with various customized ...
- Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
April 6, 2026
The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates high-velocity ransomware campaigns that weaponize N-days, targeting vulnerable, web-facing systems during the window between vulnerability disclosure and widespread patch adoption. Following successful exploitation, Storm-1175 rapidly moves from initial access to data exfiltration and deployment of Medusa ransomware, often within a few days and, ...
- Iran targets M365 accounts with password-spraying attacks
March 31, 2026
Suspected Iran-linked threat actors are conducting password-spraying attacks against hundreds of organizations, primarily Middle Eastern municipalities, in campaigns that security researchers believe may have been aimed at supporting bomb-damage assessment following missile strikes. Tel Aviv-based Check Point Research on Tuesday said that the attackers used multiple source IP addresses to target numerous Microsoft 365 accounts, affecting ...
- Iran threatens to start attacking major US tech firms on April 1
March 31, 2026
Iran’s Islamic Revolutionary Guard Corps warned Tuesday that it plans to begin attacking more than a dozen American companies across the Middle East on Wednesday in retaliation for the killing of Iranian citizens in the ongoing war with the US and Israel. The list of companies includes Apple, Google, IBM, Intel, Microsoft, Tesla, and Boeing, which ...