Around 1.2 Million Patients Affected by Ransomware Attack on Puerto Rico Hospital

Doctors’ Center Hospital located in Puerto Rico has just informed the Department of Health and Human Services Office for Civil Rights (OCR) about the hacking/IT incident it has experienced and the potential compromise of the protected health information (PHI) of 1,195,220 patients.

The hospital’s website has not published any notification concerning the incident yet as of November 23, 2022. Therefore, Doctors’ Center Hospital has not publicized any detail about the nature of the attack yet. But all existing information suggests that the incident was a new attack, and the hospital is still trying to bounce back from it. looked into the incident and discovered a somewhat unknown ransomware gang named Project Relican accessed the data leak website and claimed accountability for the cyberattack. The Project Relic dark web data leak website posted 114 MB of the 211 GB of data that was stolen during the attack.

A report written by Blackpoint’s Adversary Pursuit Group talks about the group, which states that the new ransomware group was not well-known one month ago, however, it has carried out several attacks. It is believed that the group just began its operations in October 2022. As per Blackpoint, the ransomware is written in Go because of its ease of mobility, speed, and the little possibility of it being noticed by static exploration. The group is recognized to connect with victims through a customized chat program on the Tor network to make a deal on ransoms and the group posts stolen information when the ransom is not compensated when they’re due.

One partner of Blackpoint encountered an attack and the group professed to have extracted 400 GB of information and demanded a ransom amount of 100 BTC or roughly $1,638,800. Blackpoint has examined the ransomware, however, it cannot determine at this time how the group could access victims’ networks.

Additional updates will be posted when it becomes available.