Gastroenterology Consultants of South Texas Data Breach 2025: 44,579 Patients Exposed in Interlock Ransomware Attack on Texas Digestive Specialists
Gastroenterology Consultants of South Texas (dba Texas Digestive Specialists) reported a network-server breach to HHS OCR on July 22, 2025 affecting 44,579 individuals. The Interlock ransomware group claimed responsibility and leaked 263 GB of data, including names, dates of birth, medical histories, lab and pathology reports, and health insurance information. Multiple plaintiff firms have opened class-action investigations.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
May 25, 2025
Unauthorized third party accesses Gastroenterology Consultants of South Texas network (late May 2025)
Jun 3, 2025
Interlock ransomware group lists Texas Digestive Specialists on its dark-web leak site, claiming 263 GB / 215,245 files exfiltrated
Jul 2, 2025
Bragar Eagel & Squire, P.C. opens class-action investigation on behalf of Texas Digestive Specialists patients (pre-OCR filing)
Jul 22, 2025
Breach reported to HHS Office for Civil Rights as Hacking/IT Incident, Network Server, affecting 44,579 individuals
Jul 22, 2025
FBI, CISA, HHS, and MS-ISAC release joint advisory AA25-203A on Interlock ransomware tactics, techniques, and procedures
Jul 24, 2025
Texas Attorney General notified; 41,521 Texans confirmed affected; substitute notice posted
Jul 24, 2025
Federman & Sherwood and Cole & Van Note open class-action investigations
May 25, 2025
Unauthorized third party accesses Gastroenterology Consultants of South Texas network (late May 2025)
Jun 3, 2025
Interlock ransomware group lists Texas Digestive Specialists on its dark-web leak site, claiming 263 GB / 215,245 files exfiltrated
Jul 2, 2025
Bragar Eagel & Squire, P.C. opens class-action investigation on behalf of Texas Digestive Specialists patients (pre-OCR filing)
Jul 22, 2025
Breach reported to HHS Office for Civil Rights as Hacking/IT Incident, Network Server, affecting 44,579 individuals
Jul 22, 2025
FBI, CISA, HHS, and MS-ISAC release joint advisory AA25-203A on Interlock ransomware tactics, techniques, and procedures
Jul 24, 2025
Texas Attorney General notified; 41,521 Texans confirmed affected; substitute notice posted
Jul 24, 2025
Federman & Sherwood and Cole & Van Note open class-action investigations
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Gastroenterology Consultants of South Texas, the Rio Grande Valley GI practice that operates as Texas Digestive Specialists with clinics in Harlingen, Brownsville, and McAllen, reported a network-server hacking incident to the U.S. Department of Health and Human Services on July 22, 2025, affecting 44,579 individuals. The breach is widely attributed to the Interlock ransomware group, which added the practice to its dark-web leak site on June 3, 2025 and claimed to have stolen 263 GB of data spanning 215,245 files. A subsequent filing with the Texas Attorney General on July 24, 2025 confirmed that PII and PHI for 41,521 Texans were exposed. Breach notification letters were sent to residents in at least 13 additional states (California, Iowa, Maine, Massachusetts, Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Vermont, and Washington), based on independent attorney general portal filings in each of those states.
On the same day the OCR report was filed, the FBI, CISA, the Department of Health and Human Services, and the Multi-State Information Sharing and Analysis Center jointly released advisory AA25-203A specifically warning healthcare organizations about Interlock’s tactics. The advisory confirmed Interlock operates a double-extortion model: it exfiltrates data first, then encrypts systems to maximize pressure. Federal investigators had been tracking Interlock since at least September 2024 and noted activity through at least June 2025. The practice operates pediatric gastroenterology services in addition to adult GI and colorectal care. Minors’ protected health information may be among the records that were exfiltrated.
Timeline
- Late May 2025 — An unauthorized third party gains access to the Gastroenterology Consultants of South Texas network. The substitute notice describes this as the access window; an exact start date is not publicly disclosed.
- June 3, 2025 — Interlock ransomware operators list “Texas Digestive Specialists” on their dark-web leak portal. DataBreaches.net reports 16,920 folders containing 215,245 files (about 263 GB) were exfiltrated, including PDF lab and pathology reports.
- July 22, 2025 — Breach reported to HHS OCR as a Hacking/IT Incident at a Network Server affecting 44,579 individuals.
- July 24, 2025 — Substitute notice posted on the entity’s website. Texas Attorney General notified that 41,521 Texans are affected. Federman & Sherwood and Cole & Van Note open class-action investigations the same day.
What was stolen
According to the substitute notice and contemporaneous press coverage, the data potentially involved varies by individual but may include:
- Name, address, and date of birth
- Social Security number (per HIPAA Journal reporting on the OCR-level disclosure)
- Medical history and treatment information
- Lab and pathology reports, including test dates, relevant clinical history, and findings
- Health insurance information
DataBreaches.net independently reviewed sample files from the Interlock leak and confirmed that many of the exposed PDFs were lab pathology reports containing patient name, date of birth, date of testing, history, and findings. The substitute notice itself does not name ransomware, but the public Interlock listing and the leaked file inventory align with a ransomware-with-exfiltration pattern.
What Texas Digestive Specialists is offering
Texas Digestive Specialists is offering complimentary credit monitoring through TransUnion to notified individuals. A dedicated toll-free line for affected individuals is staffed at 800-405-6108, Monday through Friday, 7:00 a.m. to 7:00 p.m. Central time. Enrollment instructions and the activation code are included in the individual notification letters.
Class actions
The HHS OCR entry remains in open / under investigation status as of this writing. No civil enforcement action has been announced.
On the civil-litigation side, at least four plaintiff firms have publicly opened investigations into potential class claims against Gastroenterology Consultants of South Texas / Texas Digestive Specialists:
- Bragar Eagel & Squire, P.C. (New York) — announced July 2, 2025, prior to the formal OCR filing
- Federman & Sherwood (Oklahoma City) — announced July 25, 2025
- Cole & Van Note (California) — announced July 24, 2025
- Cafferty Clobes Meriwether & Sprengel LLP (Pennsylvania)
ClassAction.org noted its own intake investigation as “complete” as of late September 2025, which typically signals that a firm with sufficient plaintiffs has moved toward filing. A consolidated complaint had not been publicly identified in court records at last review. Typical theories in cases of this profile include negligence, breach of fiduciary duty, breach of implied contract, and violations of the Texas Identity Theft Enforcement and Protection Act.
What to do
- Enroll in the offered TransUnion credit monitoring using the activation code in your notification letter. The code is single-use; do not share it.
- Freeze your credit with Equifax, Experian, and TransUnion. Because Social Security numbers were potentially involved, a security freeze is materially more protective than monitoring alone. It is free and reversible.
- If a minor was a patient: freeze the child’s credit at all three bureaus separately from your own. Synthetic identity fraud against children often goes undetected for years because credit files are not routinely monitored. That invisibility makes the breach more dangerous, not less.
- Watch for medical identity theft. Lab and pathology reports were in the exfiltrated set. Review every Explanation of Benefits from your insurer and request a copy of your medical record if you see services or providers you do not recognize.
- Be alert to targeted phishing and extortion attempts. Interlock is known to use highly specific data in follow-on lures. Treat unexpected calls, texts, or emails referencing real test dates or GCST clinic visits with skepticism, and call the clinic back at a number you look up yourself.
- Preserve your notification letter. If a class action is filed and certified, the letter is the simplest proof that you are a class member.
- Confirm your status by calling the entity hotline at 800-405-6108 if you did not receive a letter but were a GCST patient.
- Stop the ongoing flow of your gastroenterology and surgical records. HealthConsent files HIPAA restriction requests so the digestive-health and lab data exposed in this breach is not continuously re-shared with insurers, data brokers, and third-party marketing networks.
Sources
- HHS Office for Civil Rights Breach Portal — federal regulatory record (filing dated 2025-07-22, 44,579 individuals, Hacking/IT Incident at Network Server).
- HIPAA Journal — Texas Gastroenterology Clinic Falls Victim to Interlock Ransomware Attack — Interlock attribution, OCR-vs-state count reconciliation, SSN confirmation.
- DataBreaches.net — Texas gastroenterology and surgical practice victim of ransomware attack — independent review of Interlock leak contents (263 GB, 215,245 files, pathology PDFs).
- Gastroenterology Consultants of South Texas — Substitute Notice of Data Incident (PDF) — entity’s own notification, hotline number, credit-monitoring offer.
- Becker’s ASC — Texas GI practice breach could have exposed data of 41,000 patients — trade-press confirmation of scope and dates.
- Paubox — South Texas gastroenterology provider faces 41,000 data breach — secondary corroboration.
- Federman & Sherwood — GCST Data Breach Investigation — plaintiff-side investigation notice.
- Cole & Van Note — Texas Digestive Specialists Data Breach Investigation — plaintiff-side investigation notice.
- Bragar Eagel & Squire, P.C. — Texas Digestive Specialists Data Breach Investigation (GlobeNewswire) — fourth plaintiff firm investigation, opened July 2, 2025 pre-OCR.
- CISA — #StopRansomware: Interlock (AA25-203A) — joint FBI/CISA/HHS/MS-ISAC advisory on Interlock ransomware, released July 22, 2025; confirms double-extortion model, North America/Europe targeting pattern.
- San Antonio Express-News — More than 41K Texans impacted in healthcare data breach — local press coverage; notes Harlingen clinic as apparent breach locus and confirms FBI/CISA advisory context.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- HIPAA Journal — Texas Gastroenterology Clinic Falls Victim to Interlock Ransomware Attack
- DataBreaches.net — Texas gastroenterology and surgical practice victim of ransomware attack
- Gastroenterology Consultants of South Texas — Substitute Notice of Data Incident
- Becker's ASC — Texas GI practice breach could have exposed data of 41,000 patients
- Paubox — South Texas gastroenterology provider faces 41,000 data breach
- Federman & Sherwood — Gastroenterology Consultants of South Texas Data Breach Investigation
- Cole & Van Note — Texas Digestive Specialists Data Breach Investigation
- Bragar Eagel & Squire, P.C. — Texas Digestive Specialists Data Breach Investigation (GlobeNewswire, July 2, 2025)
- CISA — #StopRansomware: Interlock (Joint Advisory AA25-203A, July 22, 2025)
- San Antonio Express-News — More than 41K Texans impacted in healthcare data breach
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.