Over 522,000 Patients Impacted by Ransomware Attacks on Puerto Rico Healthcare Providers

Bayamón Medical Center and Puerto Rico Women and Children’s Hospital had a ransomware attack which affected over 500,000 patients living in Bayamón, Puerto Rico.

A press release on July 19, 2019 explained the discovery by the medical center and associated hospital of the ransomware attack on their computer networks on May 21, 2019. A big selection of files was encrypted, which kept the hospital staff from accessing patient information for a short period of time.

As a safety measure, the healthcare providers notified about 522,000 present and former patients with regards to the ransomware attack. The investigators of the breach confirmed the impact of the attack on patient information, but there was no proof given with regards to the unauthorized access or theft of data.

The potentially compromised data contained patient names, clinical information, financial details, demographic data, and for certain patients, diagnosis information, Social Security numbers, and birth dates.

The ransomware attack made the data briefly unavailable, nevertheless, all patient data are restored with no lost data. It is not known if any ransom was paid by the providers to acquire the encryption unlock keys or if the systems were restored using backup data.

The Department of Health and Human Services’ Office for Civil Rights had received the ransomware attack report as two different breaches. There were 99,943 patients of Puerto Rico Women and Children’s Hospital and 422,496 patients of Bayamón Medical Center impacted.

The incident is the most recent case in a sequence of ransomware attacks on healthcare organizations. Malwarebytes data revealed a growth of ransomware attacks by 195% in quarter one of 2019. A new Coveware report shows a 184% growth in ransomware attacks in quarter two. Carbon Black recently released the results of a survey showing that 66% of healthcare companies experienced a ransomware attack last year.

Ransomware attacks will continue unless attackers find it unprofitable or find something else that is more profitable. Because attackers get ransom payments in tens of thousands of dollars, most likely attacks will grow far worse.

About Christine Garcia 1310 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA