Yale New Haven Health Investigates Cybersecurity Incident, Works to Mitigate Impact

NEW HAVEN, Conn. [March 12, 2025] – Yale New Haven Health (YNHH) is actively investigating a cybersecurity incident that affected IT services across its health system over the weekend. The healthcare organization is working with federal authorities and the cybersecurity firm, Mandiant, to assess the situation.

“This issue was immediately identified by our Digital and Technology Solutions team, who quickly began working to mitigate the issue and launched an investigation into its source,” Dana Marnane, Director of Public Relations for Yale New Haven Health wrote in an email, per The New Haven Register.

At this time, YNHH reports that the incident has not compromised its ability to provide patient care. The patient portal and electronic medical records system have remained operational, but intermittent internet and application connectivity issues have persisted as IT teams work to rebuild access to the affected programs.

“This is purposeful and part of our comprehensive protocols for mitigating cybersecurity events,” Marnane added. “We apologize for any inconvenience or delays these issues may cause, and we thank our staff, patients, and community members for their patience as we work to restore full access across our systems. We will continue to provide updates as appropriate.”

Should the investigation determine that patient or employee information has been affected, YNHH will directly notify the impacted individuals in accordance with legal obligations.

What to Do If You’re Impacted by a Healthcare Data Breach

If you are concerned that your personal or medical information may have been compromised, Charles IT recommends taking the following steps:

• Monitor Your Accounts: Regularly review your medical records, insurance statements, and financial accounts for any unauthorized activity.
  
  
• Enable Fraud Alerts: Contact credit bureaus to place a fraud alert on your accounts to help detect potential identity theft.
  
  
• Change Passwords: Update passwords for patient portals, healthcare apps, and other sensitive accounts to enhance security.
  
  
• Beware of Phishing Attempts: Be cautious of unsolicited emails, phone calls, or messages requesting personal information.

How to Prevent a Data Breach

Healthcare organizations can take proactive measures to minimize the risk of cybersecurity incidents like this one, including:

• Implementing Security Protocols: Regularly update and patch systems to close vulnerabilities.
  
  
• Security Awareness Training: Ensure staff members are educated on best practices, including recognizing phishing attempts and securing sensitive data.
  
  
• Multi-Factor Authentication (MFA): Require MFA for access to critical systems to add an extra layer of security.
  
  
• Regular Security Assessments: Conduct periodic cybersecurity audits and penetration testing to identify and address weaknesses.
  
  

For more information on protecting your organization from cyber threats, explore our IT Security Services. You can also sign up for a free Dark Web Scan now, if you're concerned that your information has already been compromised.