SEVERAL major healthcare data breaches were added to the US Department of Health and Human Services (HHS) tracker in recent days, according to the tracker. The largest incident involves NYC Health and Hospitals Corporation, with a breach detected on 2 February 2026 after attackers accessed systems from November 2025 to February 2026 via a third-party vendor; the exposed data include personal, health insurance, medical, biometric, and financial information, affecting 1.8 million individuals.
Erie Family Health Centers in Chicago was also disclosed, with attackers having access from December 10, 2025, to late January 2026, affecting 570,000 individuals and exposing names, contact details, SSNs, driver’s licence numbers, credentials, financial and medical information. Florida Physician Specialists reported a breach affecting 276,000 people, with access to the network for two days in November 2025.
Coastal Carolina Health Care and Western Orthopaedics each reported about 110,000 affected, while Nacogdoches Memorial Hospital in Texas affects 2.5 million, though previous figures had shown 250,000. None of the breaches appears to have been claimed by known cybercrime groups, and some figures cited in the tracker may be updated as investigations continue.