NYC Health + Hospitals Data Breach Affects 5,728 Patients

NYC Health + Hospitals experienced a data breach involving one of its vendors’ subcontractors, Renkim, which provides electronic, print, and mail processing services. The cybersecurity incident took place on or around March 2, 2025 and was discovered by Renkim on March 3, 2025.

Renkim notified NYC Health + Hospitals on April 9, 2025 that the data breach compromised the protected health information (PHI) of 5,728 patients. Exposed information includes names, addresses and NYC Health + Hospitals patient status.

The data breach was disclosed to the U.S. Department of Health and Human Services on June 6, 2025. NYC Health + Hospitals published a Notification of Possible PHI Disclosure on its website on June 6, 2025.

NYC Health + Hospitals' response

NYC Health + Hospitals notified affected patients in addition to required federal and state disclosures. Renkim, the vendor involved in the data breach, published a Notice of Data Security Incident on their website and set up a dedicated phone line at 866-461-3496, available Monday through Friday from 8 a.m. to 8 p.m. Eastern Time.

If you receive notification from NYC Health + Hospitals or Renkim about this breach, you may want to:

• Carefully review any notice or communication you receive from NYC Health + Hospitals or Renkim and sign up for free credit monitoring services, if offered.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more about the organization, visit the NYC Health + Hospitals website.