Notification of Possible PHI Disclosure
Mar 10, 2026
NYC Health + Hospitals was notified on January 27, 2026, that one of its Care Management Agency Partners, NADAP, which provides care coordination services to individuals who receive services under NYC Health + Hospitals’ Lead Health Home, experienced a data security incident that resulted in the unauthorized access to protected health information (PHI) of 5,086 NYC Health + Hospitals patients. The incident occurred on or around November 26, 2025, and was discovered by NADAP on January 10, 2026. Upon discovery, NADAP immediately isolated and took the impacted systems offline. NADAP also hired third-party experts to address this situation, investigate the unauthorized activity, and further secure their systems to protect the affected individuals’ information. They also notified law enforcement.
The PHI accessed included patients’ names, dates of birth, addresses, Medicaid numbers and clinical information related to their health home care provided by NADAP, as well as their Social Security numbers.
NADAP has also provided information on their website regarding the incident, including how affected individuals can monitor their credit and place a credit freeze. Affected individuals are invited to visit the NADAP website at https://www.nadap.orghttps://hhinternettest.blob.core.windows.net/uploads/2026/02/NADAP_-Website-Notice.pdf or call NADAP toll free 1-855-522-0352, from 8:00 am to 8:00 pm (Eastern Time) Monday through Friday, with any questions or related concerns.
Consistent with federal regulatory requirements, NYC Health + Hospitals has notified the Office for Civil Rights (OCR), the federal oversight agency for unauthorized disclosures of PHI.
For more information, please contact pressoffice@nychhc.org.
