The organization recently notified the public and the FBI regarding a massive data breach.
Gastroenterology Consultants of South Texas (GCST), also known as Texas Digestive Specialists, recently notified the public and the Texas Attorney General of a data breach. According to the notice, an unuahtorized party was able to access patient information in late May of this year.
The gastroenterology provider has multiple locations across the Rio Grande Valley, but the breach seems to be isolated to just one location; the group’s Harlingen clinic, which provides gastroenterology, colon and rectal care, and weight loss care.
GCST has reported that 41,521 current or past patients may have had their information exposed.
GCST did not state what information may have been involved in the breach. In their notice, the organization said, “The information varied by patient but could have included protected health information.” While protected health information (PHI) is a somewhat vague term, it may include medical information, demographic information, financial information, electronic health records, and conversations with healthcare providers. While all PHI is considered valuable, the value may increase when more information is involved.
The organization also said they would be mailing written letters to impacted individuals. The group added, “Please note, we may not have sufficient addresses for all affected individuals.”
In response to the issue, GCST said they took “immediate protective actions to contain the activity and retained industry-leading cybersecurity specialists to investigate the incident, ensure the unauthorized access ceased, and use lessons learned to improve our systems’ security posture.”
Since the breach announcement, further information has surfaced leading some to believe the incident may have been a ransomware attack. According to local news, a dark web group known as InterLock claimed the incident and alleged that they had accessed 263 gigabytes of patient data from GCST. DataBreach.com, a consumer privacy website that tracks incidents of cybercrime, stated that the data may have contained patients’ names, Social Security numbers, birthdays, phone numbers, home addresses, and medical records.
This also isn’t the first time InterLock has made waves. Just a few days before the GCST attack was reported, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a statement about InterLock’s ransomware attempts and methods, showcasing the growing concern about the new group.
Organizations generally state what information was involved, but it’s possible GCST provided specific information in each letter or is waiting to announce full details.
If a healthcare company does not have contact information for a victim, the individual may not receive a notification. For this reason, it’s important to regularly update contact information and monitor credit statements for any potentially suspicious activity.