Ransomware and Email Breaches Impact Three U.S. Healthcare Providers
Learn More
Hospital Caribbean Medical Center, a healthcare facility in Puerto Rico, reports a data breach to the U.S. Department of Health and Human Services on February 8, 2026. The incident involved a ransomware attack that disrupted the hospital's information systems and email compromise.
The threat actor group known as "The Gentlemen" claimed responsibility, adding the facility to its dark web leak site and threatening to publish stolen patient files.
Aligned Orthopedic Partners in Maryland suffered an unauthorized intrusion into its email platform between November 16 and December 16, 2025. Murray County Medical Center in Minnesota faced a significant delay in its investigation.
Security teams detected suspicious activity on August 21, 2025 and did not confirm that data had been stolen until January 27, 2026, a five-month dwell time.
The Puerto Rico reports that the incident is affecting up to 92,000 individuals, but did not specify what types of data were exposed.
Murray County Medical Center in Slayton, Minnesota reports that the incident is affecting 5,073 individuals and the exposed information includes
- names
- dates of birth
- Social Security numbers
- driver’s license numbers
- health insurance information
- medical treatment details
- medical history.
Aligned Orthopedic Partners in Maryland did not disclose any details.
The number of affected individuals over the three incidents is approximately 97,073.
Affected patients should monitor their insurance statements for fraudulent medical claims and consider placing fraud alerts on their credit reports.
