NYC Health + Hospitals was notified that one of its business associates, Solventum Health Information Systems (Solventum), experienced a data security incident that affected the protected health information (PHI) of certain NYC Health + Hospitals patients. The incident, which involved the unauthorized access to PHI by a Threat Actor, occurred on or around March 29,2026. Solventum notified NYC Health + Hospitals of the disclosure on April 21, 2026. The PHI accessed includes patients’ first and last names, addresses, dates of birth, medical record numbers, medical history, and diagnoses.
Upon discovery of the incident, Solventum immediately engaged forensic experts to assess the nature and scope of the incident. The incident has not affected Solventum’s core production systems or connections with NYC Health + Hospitals, and has not disrupted their daily business operations. On April 19, 2026, however, the threat actor posted the accessed patient information to the Dark Web.
Consistent with federal regulatory requirements, NYC Health + Hospitals has notified the Office for Civil Rights (OCR), the federal oversight agency for unauthorized disclosures of PHI and the Attorneys General of New York, Connecticut and Puerto Rico of data breaches.
Milestone Marked with Topping Out Ceremony for BayCare Hospital Manatee
Making AI Work for Predictive Maintenance
Thomas Jefferson University Unveils Plans for Sidney Kimmel Medical College in Allentown, PA
Aspirus Chippewa Falls Hospital and Clinic to Open in September