The New York Blood Center Enterprises (NYBCe) has reported a major cybersecurity incident that compromised the personal information of nearly 194,000 people. The breach occurred between January 20 and January 26, 2025, when an unauthorized party gained access to the organization’s network and extracted copies of certain files.
What information was taken
The investigation confirmed that sensitive details were involved in the leak. These included names, Social Security numbers, driver’s license and other state-issued identification numbers, as well as bank account information for individuals who received payments by direct deposit. In some cases, health data and medical test results were also exposed.
NYBCe has not disclosed how the attackers infiltrated its systems, whether ransomware was used, or if any ransom demand was made. No known criminal group has claimed responsibility for the breach so far.
Why affected individuals may not receive notices
Unlike many healthcare providers, NYBCe does not maintain contact information for all of its patients and service users. As a result, it cannot directly notify every individual whose records were accessed. Instead, the organization has urged anyone who has received services to call a dedicated helpline at 877-250-2848 to confirm whether their data was compromised.
To support those impacted, NYBCe is offering complimentary access to Experian’s identity protection and credit monitoring services for one year. Additional details are available through a filing with the Vermont Attorney General’s office.
Scale of the incident
Cybersecurity researchers note that this is among the largest healthcare-related breaches of 2025. Data compiled by Comparitech shows that the incident ranks as the fourth-largest ransomware-related exposure this year in terms of records affected, with healthcare organizations remaining frequent targets. By mid-2025, more than 60 attacks on hospitals, clinics, and direct care providers had been recorded, exposing over 5 million patient records.
Steps individuals should take
Experts emphasize that people potentially affected by this breach should take immediate precautions:
1. Contact NYBCe: Call the helpline to verify if your records were involved.
2. Use identity protection tools: Enroll in the free Experian services being offered, and consider placing a credit freeze or fraud alert with the credit bureaus.
3. Stay alert for scams: Watch for phishing emails or phone calls pretending to be official messages. Avoid clicking links, opening attachments, or sharing personal information unless you can confirm the source.
4. Monitor financial accounts: Check bank statements and health insurance records regularly for unusual charges or activity.
5. Adopt cybersecurity practices like second nature: Use strong passwords, enable two-factor authentication, and keep antivirus software updated.
The breach at NYBCe is a testament to the growing threat facing healthcare organizations, which often hold large amounts of sensitive data but face challenges in securing complex IT systems. Security experts warn that similar incidents are likely to continue, making it critical for organizations to improve defenses and for individuals to remain vigilant about protecting their personal information.
