Recently, the US Department of Health and Human Services (HHS) updated its healthcare data breach tracker with several significant breaches, impacting millions of individuals across the United States. These incidents, although disclosed over the past months, have only now revealed the full extent of those affected.
Major Breaches Uncovered
The New York City Health and Hospitals Corporation has reported the largest data breach, impacting approximately 1.8 million people. Detected on February 2, 2026, the breach occurred due to unauthorized access via a third-party vendor between November 2025 and February 2026. The compromised data includes personal, health insurance, medical, biometric, and financial information.
In another significant incident, Erie Family Health Centers in Chicago identified a breach in January. Hackers accessed their network between December 10, 2025, and late January 2026. The affected information comprises names, phone numbers, email addresses, social security numbers (SSNs), driver’s license numbers, passport numbers, online credentials, financial details, and medical information. The breach impacted 570,000 individuals according to the HHS tracker.
Additional Breach Reports
Florida Physician Specialists experienced a breach affecting 276,000 individuals. Recorded in November 2025, hackers accessed patient data including names, SSNs, driver’s license numbers, and financial and medical information.
Similarly, Coastal Carolina Health Care in North Carolina and Western Orthopaedics in Colorado each reported breaches affecting about 110,000 people. Coastal Carolina noted that the breach was detected over a year ago, indicating potential delays in reporting.
Discrepancies in Reported Numbers
Nacogdoches Memorial Hospital in Texas has a reported breach impacting 2.5 million individuals, though earlier reports indicated 250,000, suggesting a possible error in the figures. Additionally, a minor dermatology clinic in Arizona initially reported a breach affecting 3 million, later corrected to 500 in the HHS tracker.
Currently, none of these breaches have been claimed by any known cybercrime organizations, raising questions about the motives and perpetrators behind these attacks.
As investigations continue, the healthcare industry faces increasing pressure to enhance cybersecurity measures to protect sensitive patient information. The implications of these breaches underscore the critical need for robust data protection strategies.
