Cassidy is demanding detailed briefings by mid-June on NYCHHC’s security protocols, whether the system adheres to best cyber practices from other industries, the timing of federal notification, breach investigation processes, and steps to assist those affected.

Context notes Cassidy’s history with investigations into Mamdani and his political standing within the Senate GOP after a recent primary, which frames the current oversight push.

The breach potentially spanned November 2025 through February 2026, compromising the personal data of more than 1.8 million people, including medical records, fingerprint data, and billing information.

In a public letter dated June 2026, Cassidy calls on NYC Health + Hospitals CEO Mitchell Katz to answer questions about the data breach at the city’s largest municipal health system, noting that hackers reportedly went undetected for more than three months.

Cassidy has pushed for stronger healthcare cybersecurity policy, endorsing measures like the Health Care Cybersecurity and Resilience Act and continuing to scrutinize breaches linked to Mamdani.

NYCHHC says it took steps to reduce risk, including resetting compromised credentials, tightening detection rules, updating remote-access policies, informing staff, the public, and authorities, and offering credit monitoring to those affected.