
Ransomware Gang Claims Theft of 92,000 Records from Puerto Rico Hospital After Containment

Caribbean Medical Center discloses a ransomware attack affecting 92,000 U.S. records; The Gentlemen claim data theft and threaten release.

Peter Olaleru, Cybersecurity Editor

Source: Claimdepot

TL;DR: On Feb. 8, 2026, Caribbean Medical Center announced containment of a cyberattack affecting about 92,000 U.S. records. Nine days later, ransomware group The Gentlemen claimed they stole the data and threatened to publish it within 9-10 days.

Context: Caribbean Medical Center is a 25-bed acute care hospital in Fajardo, Puerto Rico, providing emergency, inpatient, laboratory, radiology and specialty services around the clock. It serves pediatric, adult and geriatric patients and includes an on-site pharmacy and outpatient radiology.

Key Facts: The hospital’s internal monitoring detected suspicious activity on part of its information systems, prompting it to activate security protocols and, with external cybersecurity experts, isolate the affected segments. The hospital reported a return to normal operations and disclosed the breach to the U.S. Department of Health and Human Services, without specifying the exact compromise date or data types. On Feb. 17, 2026, The Gentlemen posted on a dark web forum via Tor that they had exfiltrated the hospital’s data and would release it in nine to ten days unless demands were met.

What It Means: The claim suggests possible exposure of protected health information such as names, medical histories, and insurance details for roughly 92,000 individuals in the United States. Healthcare organizations must assume the data could be used for identity theft, fraud, or targeted phishing, and regulatory scrutiny under HIPAA may follow with possible fines and mandatory corrective action plans.

Mitigations: Enforce multi-factor authentication on all remote access points and patch known vulnerabilities exploited in ransomware campaigns (e.g., CVE-2023-XXXX for VPN appliances). Implement network segmentation, disable unnecessary SMBv1 shares, and deploy EDR rules targeting MITRE ATT&CK techniques T1059.001 (PowerShell), T1078 (Valid Accounts), and T1486 (Data Encrypted for Impact). Maintain regular, offline backups tested for restoration and conduct tabletop exercises that simulate ransomware notification and data-leak scenarios.

Watch for any appearance of the stolen data on leak sites, official updates from Caribbean Medical Center, and potential guidance from HHS on breach notification timelines.
