ON 23 February 2026, HHS received a breach submission from Weill Cornell Medicine reporting that 516 patients were affected by an incident involving Unauthorized Access/Disclosure of data in Electronic Medical Records.
According to Weill Cornell Medicine, an employee who is no longer with the organisation briefly accessed patient records for reasons unrelated to their job duties and without authorisation, with the information obtained limited to contact information and the reason for the visit; no other clinical or financial information was accessed. The affected patients and appropriate authorities have been notified, and the organisation says it has established additional measures to help prevent a recurrence.
DataBreaches[.]net notes that the article suggests the biggest potential impact could be scrutiny by HHS of the hospital’s risk assessment and its pre‑incident plan, which could be time‑consuming and costly for the hospital. The piece describes the incident as an insider breach, with the claim that the employee’s actions were inappropriate and actionable.