Cyber Incident Victim: Yale New Haven Health
Date:
Mar 2025
Location:
United States of America
Summary
Yale NewHaven Health identified an issue affecting IT services across its health system and promptly engaged its Digital and Technology Solutions team to mitigate the problem and launch an investigation. Working with Mandiant, the investigation determined the issue was a cybersecurity incident, prompting notification of federal authorities. While the patient portal and electronic medical records remained operational, intermittent internet and application connectivity issues persisted as the team rebuilt access following established mitigation protocols. Patient care was not significantly affected, and the organization continues to restore full system access while keeping staff and patients informed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Over the weekend of March 8‑9, 2025, Yale New Haven Health identified an issue affecting IT services across its health system. The Digital and Technology Solutions team immediately identified the issue, began working to mitigate it, and launched an investigation into its source. As part of the response, the health system engaged Mandiant, an internationally renowned cybersecurity firm, to assist with the investigation. The joint investigation determined that the issue was a cybersecurity incident. Yale New Haven Health notified federal authorities of the incident. Mandiant is conducting a thorough investigation into the full scope of the event, including any potential exposure of employee or patient data.
Throughout the incident, the patient portal and electronic medical records continued to operate normally. The health system stated that the incident did not affect its ability to provide patient care. However, intermittent internet and application connectivity issues persisted as teams rebuilt access to programs. These connectivity disruptions were described as purposeful and part of the organization's comprehensive protocols for mitigating cybersecurity events. Yale New Haven Health apologized for any inconvenience or delays caused by the issues. The organization thanked its staff, patients, and community members for their patience and committed to keep them apprised of updates as appropriate.