NYC Health + Hospitals Data Breach Affects 5k Patients

NYC Health + Hospitals experienced a data breach involving one of its vendors’ subcontractors, Renkim, which provides electronic, print, and mail processing services. The cybersecurity incident took place on or around March 2, 2025, and was discovered by Renkim on March 3, 2025.

Renkim notified NYC Health + Hospitals on April 9, 2025, that the data breach compromised the protected health information (PHI) of 5,728 patients. Notably, this figure was later revised to 5,086 on March 10, 2026.

Exposed information included names, addresses and NYC Health + Hospitals patient status.

The data breach was disclosed to the U.S. Department of Health and Human Services on June 6, 2025. NYC Health + Hospitals published a Notification of Possible PHI Disclosure on its website on June 6, 2025.

NYC Health + Hospitals' response

NYC Health + Hospitals notified affected patients in addition to required federal and state disclosures. Renkim, the vendor involved in the data breach, published a notice of the data security incident on their website and set up a dedicated phone line at 866-461-3496, available Monday through Friday from 8 a.m. to 8 p.m. Eastern Time.

If you receive notification from NYC Health + Hospitals or Renkim about this breach, you may want to:

• Carefully review any notice or communication you receive from NYC Health + Hospitals or Renkim and sign up for free credit monitoring services, if offered.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.