Caribbean Medical Center Data Breach Affects 92,000

Hospital Caribbean Medical Center, a 25-bed acute care hospital located at 151 Ave. Osvaldo Molina in Fajardo, Puerto Rico, disclosed a cyberattack that affected approximately 92,000 individuals in the United States.

The hospital operates 24 hours a day, every day of the year, providing emergency services, inpatient care, laboratory and X-ray services, and medical specialties including internal medicine, cardiology, pediatrics and obstetrics. The facility serves pediatric, adult and geriatric patients and also includes an on-site pharmacy and outpatient radiology services.

The breach has been disclosed to the U.S. Department of Health and Human Services. The hospital posted a press release on its website dated Feb. 8, 2026, announcing that it had contained a cyberattack detected in part of its information systems. The press release was published in Spanish.

What happened in the Hospital Caribbean Medical Center data breach

The incident was a ransomware attack that targeted part of the hospital's information systems.

According to the hospital's press release, the hospital's institutional monitoring systems identified suspicious activity. This detection allowed staff to activate their internal security and response protocols right away.

Upon detection, the hospital implemented containment and isolation measures in a timely manner with the support of external cybersecurity experts, the press release stated. The hospital reported that following these efforts, its network had returned to normal operations. The press release did not provide the specific date or time period during which the initial cyberattack took place.

At the time of the Feb. 8, 2026, announcement, the hospital stated that a technical analysis was being conducted as part of the standard process for this type of event to validate the full scope of the incident. The press release did not specify the types of personal information or protected health information that may have been compromised in the attack.

On Feb. 17, 2026, nine days after the hospital's public announcement, a ransomware group called The Gentlemen posted a claim on the dark web through the Tor network. The group stated it had obtained the hospital's data and intended to publish the stolen information within nine to 10 days.

Hospital Caribbean Medical Center's response to the breach

According to its press release, the hospital notified the relevant authorities about the incident and has maintained active collaboration with specialists supporting the ongoing investigation and evaluation.

The hospital said that additional information and official updates would be made available on its website. However, the press release did not include any mention of credit monitoring services, identity protection offerings or a dedicated call center for individuals who may have been affected by the breach at this time.

Steps to take if your information was exposed

• Monitor your credit reports by requesting free copies at AnnualCreditReport.com and reviewing them for any unfamiliar accounts or suspicious activity.
• Consider placing a fraud alert or credit freeze with Equifax (1-800-525-6285), Experian (1-888-397-3742) and TransUnion (1-800-680-7289) to help protect against potential identity theft.
• Review your health insurance statements carefully for any medical services, prescriptions or claims you do not recognize, which could be a sign of medical identity theft.
• Request copies of your medical records from the hospital to check that no unauthorized changes or additions have been made to your file.
• Be cautious of phishing attempts that reference Hospital Caribbean Medical Center or this data breach by name, as scammers sometimes use real breach notifications to trick people into giving away personal information.
• Contact the hospital directly at 787-801-0081 if you have questions about whether your information was involved in the incident.