PHI of Over 522,000 Puerto Rico Patients Impacted by Ransomware Attack

Bayamón Medical Center and Puerto Rico Women and Children’s Hospital were attacked by ransomware, which affected more than half a million patients from Bayamón, Puerto Rico.

A press release on July 19, 2019 mentioned the discovery of the installed ransomware on the computer systems of the medical center and associated hospital on May 21, 2019. The ransomware encrypted the files in the hospital’s computer systems and so no staff could access any patient information for a short period of time.

The healthcare providers notified 522,000 patients, both current and past, regarding the ransomware attack. It was confirmed by the investigators that the attack affected patient data, however, they did not find any proof of unauthorized data access or theft.

The following information of patients were potentially compromised: patient names, clinical details, demographic information, financial details, and the diagnosis, dates of birth, and Social Security numbers for some patients.

The ransomware attack momentarily made patient data inaccessible. Nonetheless, all patient data have now been recovered and no data was lost. It is not known if there was ransom payment made by the providers to retrieve the keys to unlock encryption or if the systems were rebuilt by restoring the backup data.

The healthcare organizations have notified the Department of Health and Human Services’ Office for Civil Rights regarding the ransomware attack. There were two distinct breaches reported. One had 422,496 Bayamón Medical Center patients affected, while the other had 99,943 Puerto Rico Women and Children’s Hospital patients affected.

Healthcare companies have encountered a series of ransomware attacks and this is the most recent one. Malwarebytes pointed out that ransomware attacks increased by 195% in the first quarter of 2019. In a Coveware report, ransomware attacks increased by 184% in the second quarter. Carbon Black recently published its survey revealing that 66% of healthcare providers had experienced a ransomware attack last year.

If ransomware attacks end up unprofitable or hackers learn of another way to be more profitable, perhaps ransomware attacks would diminish. But considering that attackers are making lots of money from ransom payments, you can expect that there will be even more attacks down the road.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at