NYC Health + Hospitals recently faced a concerning data security incident involving its Care Management Agency Partner, NADAP. This breach, which potentially compromised the protected health information (PHI) of 5,086 patients, occurred around November 26, 2025, and was reported by NADAP on January 10, 2026.
The incident was initiated when NADAP discovered unauthorized access that affected sensitive patient data, including names, dates of birth, addresses, Medicaid numbers, clinical information related to health home care, and Social Security numbers. "The security of our patients’ information is our utmost priority, and we are taking this matter very seriously," said a representative from NYC Health + Hospitals.
Upon discovering the breach, NADAP acted swiftly by isolating and taking the impacted systems offline. They subsequently engaged third-party experts to investigate the unauthorized activity and bolster their cybersecurity measures. "Our team is working around the clock to ensure that the necessary steps are being taken to mitigate any further risks to patient data," the representative added.
%20(1)%20(1).webp)
Additionally, the breach has led to law enforcement notifications in line with standards for incidents of this nature. As part of their response, NADAP has made resources available on their website to educate affected individuals about monitoring their credit status and placing credit freezes as needed.
Affected individuals are encouraged to visit the NADAP website for guidance and support. They can also reach out directly to NADAP at 1-855-522-0352, available from 8:00 am to 8:00 pm Eastern Time, Monday through Friday, for any inquiries or concerns regarding the incident. "We understand that our patients may have questions, and we want to provide them with the information and support they need during this time," the representative stated.
In compliance with federal regulations, NYC Health + Hospitals has notified the Office for Civil Rights (OCR), which oversees unauthorized disclosures of protected health information. This action underscores the institution's commitment to transparency and adherence to legal obligations following such significant breaches.
This incident serves as a critical reminder of the importance of cybersecurity in healthcare settings where sensitive patient information is at stake. As organizations like NADAP continue to enhance their security protocols, the focus remains on restoring trust and ensuring the protection of patient data moving forward.
As the situation develops, stakeholders will be watching to see how NADAP and NYC Health + Hospitals implement changes and updates to their cybersecurity measures to prevent future breaches and safeguard patient information effectively.