Notification of Unauthorized Access to PHI
Jun 11, 2026
NYC Health + Hospitals was notified that one of its Business Associates, Solventum Health Information Systems (Solventum), experienced a data security incident that affected the protected health information (PHI) of certain NYC Health + Hospitals patients. The incident, which involved the unauthorized access to PHI by a Threat Actor, occurred on or around March 29,2026. Solventum notified NYC Health + Hospitals of the disclosure on April 21, 2026. The PHI accessed includes patients’ first and last names, addresses, dates of birth, medical record numbers, medical history, and diagnoses.
Upon discovery of the incident, Solventum immediately engaged forensic experts to assess the nature and scope of the incident. The incident has not affected Solventum’s core production systems or connections with NYC Health + Hospitals, and has not disrupted their daily business operations. On April 19, 2026, however, the Threat Actor posted the accessed patient information to the Dark Web.
Solventum has provided additional information regarding the incident. Affected patients are invited to visit https://response.idx.us/solventum or call toll free 1-855-830-9403, from 9:00 am to 9:00 pm (Eastern Time) Monday through Friday, with any questions or related concerns.
Consistent with federal regulatory requirements, NYC Health + Hospitals has notified the Office for Civil Rights (OCR), the federal oversight agency for unauthorized disclosures of PHI and the Attorneys General of New York, Connecticut, and Puerto Rico of data breaches.
For more information, please contact pressoffice@nychhc.org.