Nearly 200,000 people hit in New York Blood Center data breach — names, IDs, SSNs and more exposed

At this time, there are no details about who is responsible for the breach as no cybercriminal group has taken credit. Likewise, NYBCe has not said if it has paid a ransom nor has it shared information about how its systems were breached. A spokesperson for the organization said that it took immediate actions to contain the threat and to help reduce disruption to its services upon learning of the breach.

The NYBCe website states they do “not collect or maintain contact information for individuals for whom we provide clinical services. As a result, we are unable to mail letters to individuals whose information may have been involved.” That means that people who have been patients whose data was shared with the Blood Center should call them at 877-250-2848 to confirm whether or not their data was compromised. The Blood Center will be offering victims free access to one of the best identity theft protection services through Experian which also includes credit monitoring, with additional information on the breach available in a filing with the Vermont Attorney General’s office.

This breach is the fourth largest ransomware attack of the year based on the number of records compromised, according to researchers from Comparitech. They’ve confirmed 60 ransomware attacks in 2025 against various hospitals, clinics and direct care providers, exposing over 5.4 million records.

What to do after a data breach

Anyone who has been involved in a data breach should make sure to invest in an identity theft protection service before it's too late. Doing so before falling victim to a data breach is ideal as you'll be able to take full advantage of the identity theft insurance offered by one of these services to recover lost funds but they also have experts on hand to help you get your identity back.

In this case, it's important to be on high alert for phishing attempts – specifically look out for any emails that sound urgent and want you to “act now” to fix an issue, to provide additional personal or financial details, or need you to correct an account problem. It's also important to stay vigilant against social engineering attacks and to monitor your accounts for suspicious activity. The best way to stay safe against phishing is to avoid clicking on any links, QR codes or attachments in emails or messages from unknown senders.

From there, you want to make sure you're protected from online scams and hacks by using one of the best antivirus programs on all your devices, and when you're online, use protections like a VPN or a hardened browser, which can help keep you and your devices safe from malware and other online threats.

Unfortunately, this likely won't be the last cyberattack and data breach we see at a healthcare provider this year. Hackers and other cybercriminals have ramped up their attacks targeting large organizations and businesses. Regardless of whether or not you do business with a targeted company directly, your personal data could still end up in the hands of hackers. This is why it's important to take action immediately instead of waiting after a data breach and why we so strongly recommend subscribing to an identity theft protection service like LifeLock or Aura.

Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button!

More from Tom's Guide

• Samsung security flaw could let hackers remotely control your device — update your Galaxy phone right now
• Google just took down 224 malicious apps with 38 million installs in massive SlopAds fraud campaign — how to stay safe
• The TikTok ban saga appears to finally be over as reports suggest a deal has been done