The chair of the U.S. Senate health committee, Senator Bill Cassidy, is actively seeking clarity from officials in New York City regarding a substantial cyber breach that occurred in 2025. This breach involved New York City Health + Hospitals, the largest municipal public health system in the United States, impacting approximately 1.8 million individuals. This unprecedented hacking incident has raised significant concerns about the cybersecurity measures in place to protect sensitive patient data.

In a letter dated June 4, 2026, Senator Cassidy, a Republican from Louisiana and a trained physician, directed his inquiries to both Mitchell Katz, the CEO of NYC Health, and Mayor Zohran Mamdani. He is particularly interested in understanding the details surrounding the 2025 health data breach, as well as the cybersecurity protocols that were operational before this incident unfolded.

Senator Cassidy emphasized the critical nature of cybersecurity, given the increasing sophistication of cyberattacks, particularly those employing advanced technologies like artificial intelligence. “At a time when hostile actors are increasingly using sophisticated tactics by leveraging artificial intelligence, it is essential for the healthcare sector to take meaningful steps to safeguard patient and consumer information,” he asserted.

With NYC Health + Hospitals serving over one million patients annually, Cassidy expressed grave concerns about the risks posed to the broader population served by this system. He has requested a detailed response to his questions by June 18, aiming to gather more information regarding the types of security measures—both cyber and physical—that were in place to defend against potential cyber threats. He is keen to learn about the best practices adopted by the organization, the timeline of events leading to the breach, and any planned remedial actions intended to enhance security moving forward.

In an official statement released on March 24, NYC Health acknowledged that the breach was facilitated by a vulnerability resulting from a security lapse at a third-party vendor. However, the identity of this vendor has not been disclosed to the public. This lack of transparency has raised further questions regarding accountability and the overall landscape of cybersecurity within the organization. The breach potentially compromised a wide array of sensitive information, including health insurance details, medical history, billing claims, Social Security numbers, and biometric data, all of which are vital for both patients and the institution.

NYC Health + Hospitals, which operates 70 care locations across the city, stands as a crucial safety-net healthcare provider in New York. Following the breach, neither the healthcare organization nor the mayor’s office has publicly addressed the senator’s inquiries or offered additional insights into the situation. Cassidy’s office has also not responded to requests for further comments or clarifications.

This recent investigation echoes a similar situation from the prior year, during which Cassidy reached out to Aflac, an insurance giant, in relation to a cyberattack affecting 22.7 million individuals. In his communication with NYC Health, Cassidy recognized that cybersecurity threats pose one of the most significant challenges currently facing the healthcare sector.

As an elected senator since 2014, Cassidy is among a select group of 20 physicians serving in the U.S. Congress. Despite recently losing his primary bid for re-election backed by former President Donald Trump, he continues to advocate vigorously for better cybersecurity measures in healthcare, underscoring the pressing need for robust defenses against the growing tide of cyber threats in this vital sector.