NY Blood Center Data Breach: 194,000 People Alerted
▼ Summary
– The New York Blood Center (NYBCe) experienced a data breach affecting nearly 194,000 people, with unauthorized access occurring between January 20 and 26, 2025.
– Compromised data included names, Social Security numbers, driver’s license or state ID numbers, bank account details, health information, and test results.
– NYBCe responded quickly to contain the incident and is offering free identity theft protection and credit monitoring services to affected individuals.
– The breach ranks as the sixth largest healthcare attack of 2025, contributing to nearly 6.7 million records breached across 89 confirmed incidents worldwide.
– No ransomware gangs have claimed responsibility for the attack, and it remains unclear whether a ransom was paid, though the average demand for such attacks is just under $627,000.
The New York Blood Center (NYBCe) has announced a significant data breach impacting nearly 194,000 individuals earlier this year. Between January 20 and January 26, 2025, an unauthorized party infiltrated the organization’s internal systems and exfiltrated sensitive files. This incident ranks among the most substantial healthcare data compromises recorded so far this year.
Information accessed during the breach includes names, Social Security numbers, driver’s license or state ID details, bank account information for direct deposit users, along with health records and test results. Upon discovering the intrusion, NYBCe took immediate steps to contain the situation and minimize disruption to its essential services.
Rebecca Moody, head of data research at Comparitech, noted that no ransomware group has publicly claimed responsibility for the attack. “Given that the breach occurred back in January, it’s improbable that a gang will come forward now,” she stated. “This could suggest that ransom negotiations were successful, though NYBCe has not confirmed this.” Moody also highlighted that the average ransom demand across 89 confirmed global healthcare attacks in 2025 has been just under $627,000.
Due to the fact that NYBCe does not retain contact details for all clinical patients, the organization is urging anyone who believes their information may have been exposed to call their dedicated helpline at 877-250-2848. All affected individuals are being offered complimentary identity theft protection and credit monitoring services through Experian.
Comparitech researchers have classified this breach as the sixth largest in the healthcare sector this year based on records affected. In total, nearly 6.7 million records have been compromised across 89 confirmed attacks targeting healthcare organizations worldwide in 2025. Other major incidents include breaches at DaVita, affecting 2.7 million people, Frederick Health with over 934,000 impacted, and Marlboro-Chesterfield Pathology, where 236,000 records were exposed.
A spokesperson for NYBCe emphasized, “We take the confidentiality and security of the information in our care very seriously. We sincerely regret the concern this incident has caused.” The organization continues to cooperate with law enforcement and cybersecurity experts as part of its ongoing response.
(Source: Info Security)
