Back in December, this site reported on a ransomware incident affecting Gastroenterology Consultants, LTD in Nevada. They had been the target of Conti threat actors, and they reported the incident to HHS in January as impacting 2,500 patients.
Yesterday,, I saw another listing for Gastroenterology Consultants, but this is Gastroenterology Consultants, P.A. in Houston, Texas.
According to a notice on their web site dated March 19, 2021, they experienced an attack on January 10, 2021. But they have not notified patients yet, it seems. The March 19 notice simply stated:
Gastroenterology Consultants, PA experienced a cyber ransomware attack on Janaury 10, 2021. We have resolved the cyber issues and remediated and restored our systems, but we are still evaluating the potential exposure of patient information and are using expert assistance to determine the scope so we can issue any notifications, if required. In the meantime, if you have any concerns, please contact us at potential_databreach_questions@gastroconsultants.com.
On May 12, their external counsel notified the Maine Attorney General’s Office of the incident. Their report indicated that a total of 460 patients had been impacted, but the date of consumer notification was given as “TBD” (to be determined). Identity theft services will be offered to those affected.
Because they have reported this as impacting 460, we will not see this on HHS’s breach tool.
To date, this incident has not appeared on any dedicated leak site by threat actors and there has been no disclosure of who did this, how much ransom may have been demanded, and whether any ransom was paid.
DataBreaches.net sent an email inquiry to the entity yesterday asking for additional details and asking why it has taken four months since discovery and notifications to patients have not yet been made. No reply was received. This post will be updated if a response is received.