Cyber Incident Victim: College of Physicians and Surgeons

In January 2014, the College of Physicians and Surgeons of Puerto Rico confirmed that unauthorized actors had acquired personal information belonging to all licensed medical doctors on the island. The breach exposed data that could facilitate identity theft and fraudulent prescription submissions, according to the organization's statement. While the exact intrusion method and timeline were not publicly disclosed, the incident resulted in physicians receiving harassing emails shortly after the compromise. The stolen information's specific elements remained undefined beyond its capacity to enable impersonation and illicit prescription activities. No details emerged regarding how the breach was detected, whether systems were secured post-discovery, or if law enforcement was engaged. The Association of Surgeons (likely referring to the College of Physicians and Surgeons) emphasized the operational risks posed by the theft but did not outline remediation steps for affected individuals.

The breach's scope encompassed all licensed physicians in Puerto Rico, though the precise number of affected individuals was complicated by fluctuating licensure counts. An April 2013 report noted a decline from 11,397 to 9,950 practicing doctors, but the compromised database potentially contained historical records extending beyond current licensees. This ambiguity left the total impacted population undetermined, with no clarification from the College regarding data retention periods or record inclusion criteria. No additional technical details about the attack vector, data storage systems, or containment measures were released publicly. The absence of a functional website for the College hindered information dissemination, and no further updates regarding victim support or investigative outcomes were documented in the available source material.