Active breach tracker Texas Disclosed July 22, 2025

Gastroenterology Consultants of South Texas Data Breach 2025: 44,579 Patients Exposed in Interlock Ransomware Attack on Texas Digestive Specialists

Gastroenterology Consultants of South Texas (dba Texas Digestive Specialists) reported a network-server breach to HHS OCR on July 22, 2025 affecting 44,579 individuals. The Interlock ransomware group claimed responsibility and leaked 263 GB of data, including names, dates of birth, medical histories, lab and pathology reports, and health insurance information. Multiple plaintiff firms have opened class-action investigations.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

May 25, 2025

Unauthorized third party accesses Gastroenterology Consultants of South Texas network (late May 2025)

Jun 3, 2025

Interlock ransomware group lists Texas Digestive Specialists on its dark-web leak site, claiming 263 GB / 215,245 files exfiltrated

Jul 2, 2025

Bragar Eagel & Squire, P.C. opens class-action investigation on behalf of Texas Digestive Specialists patients (pre-OCR filing)

Jul 22, 2025

Breach reported to HHS Office for Civil Rights as Hacking/IT Incident, Network Server, affecting 44,579 individuals

Jul 22, 2025

FBI, CISA, HHS, and MS-ISAC release joint advisory AA25-203A on Interlock ransomware tactics, techniques, and procedures

Jul 24, 2025

Texas Attorney General notified; 41,521 Texans confirmed affected; substitute notice posted

Jul 24, 2025

Federman & Sherwood and Cole & Van Note open class-action investigations

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security numbers

02

Health records

Don't expire and can't be reissued

Medical history and treatment information Lab and pathology reports (test dates, findings)

03

Contact & insurance

Phishing + targeted scams

Names Addresses Dates of birth Health insurance information

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Federman & Sherwood Cole & Van Note Cafferty Clobes Meriwether & Sprengel LLP Bragar Eagel & Squire, P.C.
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Gastroenterology Consultants of South Texas, the Rio Grande Valley GI practice that operates as Texas Digestive Specialists with clinics in Harlingen, Brownsville, and McAllen, reported a network-server hacking incident to the U.S. Department of Health and Human Services on July 22, 2025, affecting 44,579 individuals. The breach is widely attributed to the Interlock ransomware group, which added the practice to its dark-web leak site on June 3, 2025 and claimed to have stolen 263 GB of data spanning 215,245 files. A subsequent filing with the Texas Attorney General on July 24, 2025 confirmed that PII and PHI for 41,521 Texans were exposed. Breach notification letters were sent to residents in at least 13 additional states (California, Iowa, Maine, Massachusetts, Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Vermont, and Washington), based on independent attorney general portal filings in each of those states.

On the same day the OCR report was filed, the FBI, CISA, the Department of Health and Human Services, and the Multi-State Information Sharing and Analysis Center jointly released advisory AA25-203A specifically warning healthcare organizations about Interlock’s tactics. The advisory confirmed Interlock operates a double-extortion model: it exfiltrates data first, then encrypts systems to maximize pressure. Federal investigators had been tracking Interlock since at least September 2024 and noted activity through at least June 2025. The practice operates pediatric gastroenterology services in addition to adult GI and colorectal care. Minors’ protected health information may be among the records that were exfiltrated.

Timeline

  • Late May 2025 — An unauthorized third party gains access to the Gastroenterology Consultants of South Texas network. The substitute notice describes this as the access window; an exact start date is not publicly disclosed.
  • June 3, 2025 — Interlock ransomware operators list “Texas Digestive Specialists” on their dark-web leak portal. DataBreaches.net reports 16,920 folders containing 215,245 files (about 263 GB) were exfiltrated, including PDF lab and pathology reports.
  • July 22, 2025 — Breach reported to HHS OCR as a Hacking/IT Incident at a Network Server affecting 44,579 individuals.
  • July 24, 2025 — Substitute notice posted on the entity’s website. Texas Attorney General notified that 41,521 Texans are affected. Federman & Sherwood and Cole & Van Note open class-action investigations the same day.

What was stolen

According to the substitute notice and contemporaneous press coverage, the data potentially involved varies by individual but may include:

  • Name, address, and date of birth
  • Social Security number (per HIPAA Journal reporting on the OCR-level disclosure)
  • Medical history and treatment information
  • Lab and pathology reports, including test dates, relevant clinical history, and findings
  • Health insurance information

DataBreaches.net independently reviewed sample files from the Interlock leak and confirmed that many of the exposed PDFs were lab pathology reports containing patient name, date of birth, date of testing, history, and findings. The substitute notice itself does not name ransomware, but the public Interlock listing and the leaked file inventory align with a ransomware-with-exfiltration pattern.

What Texas Digestive Specialists is offering

Texas Digestive Specialists is offering complimentary credit monitoring through TransUnion to notified individuals. A dedicated toll-free line for affected individuals is staffed at 800-405-6108, Monday through Friday, 7:00 a.m. to 7:00 p.m. Central time. Enrollment instructions and the activation code are included in the individual notification letters.

Class actions

The HHS OCR entry remains in open / under investigation status as of this writing. No civil enforcement action has been announced.

On the civil-litigation side, at least four plaintiff firms have publicly opened investigations into potential class claims against Gastroenterology Consultants of South Texas / Texas Digestive Specialists:

  • Bragar Eagel & Squire, P.C. (New York) — announced July 2, 2025, prior to the formal OCR filing
  • Federman & Sherwood (Oklahoma City) — announced July 25, 2025
  • Cole & Van Note (California) — announced July 24, 2025
  • Cafferty Clobes Meriwether & Sprengel LLP (Pennsylvania)

ClassAction.org noted its own intake investigation as “complete” as of late September 2025, which typically signals that a firm with sufficient plaintiffs has moved toward filing. A consolidated complaint had not been publicly identified in court records at last review. Typical theories in cases of this profile include negligence, breach of fiduciary duty, breach of implied contract, and violations of the Texas Identity Theft Enforcement and Protection Act.

What to do

  • Enroll in the offered TransUnion credit monitoring using the activation code in your notification letter. The code is single-use; do not share it.
  • Freeze your credit with Equifax, Experian, and TransUnion. Because Social Security numbers were potentially involved, a security freeze is materially more protective than monitoring alone. It is free and reversible.
  • If a minor was a patient: freeze the child’s credit at all three bureaus separately from your own. Synthetic identity fraud against children often goes undetected for years because credit files are not routinely monitored. That invisibility makes the breach more dangerous, not less.
  • Watch for medical identity theft. Lab and pathology reports were in the exfiltrated set. Review every Explanation of Benefits from your insurer and request a copy of your medical record if you see services or providers you do not recognize.
  • Be alert to targeted phishing and extortion attempts. Interlock is known to use highly specific data in follow-on lures. Treat unexpected calls, texts, or emails referencing real test dates or GCST clinic visits with skepticism, and call the clinic back at a number you look up yourself.
  • Preserve your notification letter. If a class action is filed and certified, the letter is the simplest proof that you are a class member.
  • Confirm your status by calling the entity hotline at 800-405-6108 if you did not receive a letter but were a GCST patient.
  • Stop the ongoing flow of your gastroenterology and surgical records. HealthConsent files HIPAA restriction requests so the digestive-health and lab data exposed in this breach is not continuously re-shared with insurers, data brokers, and third-party marketing networks.

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.