The New York Blood Center (NYBCe) has confirmed that nearly 194,000 people were affected by a data breach earlier this year.
According to the organization, an unauthorized party accessed its internal systems between January 20 and January 26 2025, and copied certain files.
The compromised information includes names, Social Security numbers, driver’s license or state ID numbers, bank account details for those using direct deposit, health information and test results.
NYBCe said it moved quickly to contain the incident and limit disruptions to its services once the breach was discovered.
“To date, no gangs have claimed the attack on NYBCe, and, with the attack happening back in January 2025, it’s unlikely we’ll see a claim from a gang now,” said Rebecca Moody, head of data research at Comparitech.
“This could mean that ransom negotiations were successful, but NYBCe hasn’t confirmed this. Across the 89 confirmed attacks we’ve noted for this year, the average ransom demand has been just under $627,000.”
Read more on ransomware attacks targeting healthcare providers: KillSec Ransomware Hits Brazilian Healthcare IT Vendor
Those who believe their data may have been compromised are urged to call NYBCe at 877-250-2848, since the organization does not keep contact information for some of its clinical patients and cannot notify them directly.
Affected individuals are being offered free identity theft protection and credit monitoring services through Experian.
Breach Among the Largest in 2025
Researchers at Comparitech noted that the attack ranks among the most significant incidents in the healthcare sector this year.
“This attack becomes the 89th confirmed attack on a healthcare company worldwide this year so far,” Moody said.
“Across these attacks, nearly 6.7 million records are known to have been breached, with this attack on NYBCe becoming the sixth largest based on records affected.”
Other major breaches this year include:
-
DaVita, which reported 2.7 million people affected in March
-
Frederick Health, with more than 934,000 people impacted in January
-
Marlboro-Chesterfield Pathology, where 236,000 records were exposed
“Maintaining the confidentiality and security of the information in our care is something we take very seriously,” an NYBCe spokesperson said.
“We sincerely regret the concern this has caused.”
