Hospital Español Auxilio Mutuo de Puerto Rico recently revealed a data breach potentially impacting patients. On September 23, 2023, the Department of Homeland Security alerted the hospital that it was likely targeted by a criminal cyber group. After two months of investigation, the hospital confirmed unauthorized access but could not determine the exact scope of data exfiltration. Further inquiries limited the potentially affected patients to those who visited the hospital between August 2022 and September 2023.
Despite ongoing investigations, the hospital has yet to confirm the precise data compromised in the attack. However, it has informed patients that the breach may have exposed personal details like contact information, health records, and financial data. This includes sensitive data like health insurance, medical record numbers, and social security numbers. The hospital also noted that credit card information was not part of the compromised data.
In response to the breach, the hospital initiated its incident response plan, consulting with cybersecurity experts and taking action to prevent further damage. Systems were shut down immediately to sever connections and mitigate the attack. Additionally, the hospital is offering one year of free credit monitoring and identity protection services to affected patients through Equifax, which patients can access via a dedicated assistance line.
The hospital is encouraging all patients and individuals to practice good security habits. This includes monitoring credit reports, using fraud alerts, and requesting free annual credit reports. The Federal Trade Commission (FTC) has also provided resources for those who suspect their data may have been misused. The hospital remains committed to keeping affected patients informed and protecting their personal data moving forward.
Reference: