Biometrics, diagnoses, and bank details exposed in major healthcare breach

### Executive summary: NYC Health + Hospitals reported a major provider-supply-chain data breach in which an unauthorized actor accessed parts of its network from approximately late November 2025 through February 2026, exposing detailed PII, medical and insurance records, financial/billing data, and biometric data (finger and palm prints) for at least 1.8 million individuals; the incident was detected Feb 2, 2026 and reported to HHS on Mar 24, 2026. The report highlights the systemic risk of third-party vendor compromises in healthcare, the long-term privacy and fraud risks from biometrics and medical data, and provides recommended mitigation steps and identity protection services for affected persons.