NYC Health + Hospitals Breach: The Biometric Data You Can't Take Back - 2 Minute Drill

In late 2025, cyber attackers slipped into New York City Health + Hospitals through a third-party vendor and stayed undetected for nearly three months. When they left, they took more than records and Social Security numbers. They took fingerprints and palm prints -- biometric data belonging to some of the most vulnerable patients in the country.

You can cancel a credit card. You can get a new password. You can even navigate a stolen SSN. You cannot get new fingerprints. What walked out of that network in November is permanent.

Drex uses this breach to ask a question every health system needs to answer right now: do you actually know where your biometric data lives, who can reach it, and what protections are in place? Badge readers, palm vein scanners, EHR workstations -- the collection has grown fast. The mapping hasn't kept up.

Remember, Stay a Little Paranoid