Cyber Incident Victim: Doctors Center Hospital
Date:
Sep 2022
Location:
United States of America
Summary
Doctors’ Center Hospital experienced a data breach involving unauthorized access to its network server through a hacking incident, compromising protected health information of approximately 1.2 million individuals. The Puerto Rico-based healthcare provider, operating multiple facilities and generating significant annual revenue, initiated a review of affected files and notified impacted parties following the incident, though public disclosure details remain limited.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Doctors’ Center Hospital, a healthcare network based in Puerto Rico, reported a data breach to the U.S. Department of Health and Human Services, Office for Civil Rights (HHS-OCR) on November 9, 2022. The breach notification indicated that an unauthorized party had gained access to sensitive patient information through a hacking/IT incident targeting one of the hospital’s network servers. According to the HHS-OCR filing, the breach compromised the protected health information of 1,195,220 individuals, though the hospital had not yet posted a public notice about the incident on its website at the time of reporting. Upon discovering that unauthorized access had occurred, the hospital initiated a review of affected files to determine the specific types of data exposed and identify impacted individuals. While the exact nature of the compromised information varied by individual, the hospital confirmed it likely included protected health information. Data breach notification letters were sent to all affected parties on November 9, 2022, advising them of the incident and outlining steps to mitigate risks of identity theft or fraud.
Founded in 1959, Doctors’ Center Hospital operates hospitals, emergency centers, clinics, and specialty facilities across Puerto Rico, including locations in San Juan, Bayamon, San Fernando de la Carolina, and Manatí. The organization generates approximately $69 million in annual revenue and has expanded from its initial 13-bed capacity to become one of Puerto Rico’s largest health systems. The breach’s scope, affecting over 1.1 million individuals, raised concerns about potential misuse of sensitive health data, though the hospital’s HHS-OCR filing provided no additional details regarding the intrusion methods, timeline of unauthorized access, or specific security measures in place at the time of the incident. The hospital’s response focused on notifying victims and coordinating breach remediation efforts, with no public disclosure of containment procedures, forensic investigations, or system upgrades implemented post-breach.