- NYBCE suffered a cyberattack in January 2025, exposing sensitive patient and financial data
- Victims may include those with SSNs, ID numbers, or direct deposit information; exact count unknown
- NYBCE can’t notify all victims due to missing contact info, offers free identity monitoring instead
A US blood services nonprofit had admitted suffering a cyberattack in which it lost sensitive information on an undisclosed number of people.
New York Blood Center Enterprises (NYBCE) confirmed it spotted an intrusion on January 26, 2025, which prompted an investigation with the help of third-party forensics experts. The investigation determined that unidentified threat actors accessed its network a week earlier – on January 20 – and during that time snuck out sensitive patient information.
“In order to perform these services, we receive limited clinical information from healthcare providers and partners. Some of this information may have been involved in a cybersecurity incident we recently addressed,” the notice reads.
Notifying the victims
In a separate filing with the Office of the Maine Attorney General, NYBCE confirmed the incident, but did not list the exact number of affected individuals.
It did say that the data varies from person to person, but most likely includes their name, Social Security number (SSN), driver’s license or other government identification card number, and/or financial account information – if the person participated in direct deposit.
In the website announcement, the organization also said that “limited health information and test results” may have been stolen, too.
But the worst part is that NYBCE is not able to notify all of the victims properly:
“We do not collect or maintain contact information for individuals for whom we provide clinical services. As a result, we are unable to mail letters to individuals whose information may have been involved,” it further announced.
Therefore, people who believe they might have been affected are advised to call the organization’s confidential call center.
NYBCE is also offering a year’s worth of free credit and identity theft[1] monitoring via Experian’s IdentityWorksSM, and is said to be working on “enhancing security protocols”.
Via Tom’s Guide[2]
You might also like
References
- ^ identity theft (www.techradar.com)
- ^ Tom’s Guide (www.tomsguide.com)