Yale New Haven Health System, a Connecticut-based health system affiliated with Yale School of Medicine, detected unauthorized network access on March 8, 2025. The health system engaged Mandiant for incident response, contained the breach within days, and announced it publicly on March 11. Patient data was exfiltrated but the electronic medical record system was not accessed. At least 5.5 million patients were affected — the largest US healthcare breach reported in 2025 at the time of disclosure. Stolen data included names, addresses, phone numbers, email addresses, dates of birth, race/ethnicity, patient types, medical record numbers, and for some individuals Social Security numbers. No financial data was compromised. No ransomware group claimed responsibility. An $18 million settlement was proposed to resolve resulting class action lawsuits.