Gastro Health Data Breach Exposes Personal & Health Information for 35k Individuals

Published
June 4, 2026
Updated
July 17, 2026
Gastro Health Data Breach Exposes Personal & Health Information for 35k Individuals
Gastro Health

Gastro Health, a large gastroenterology medical group with more than 200 locations across the United States, disclosed a data breach that impacted 35,632 total individuals, including 1,813 Washington residents and 291 Massachusetts residents.

On Feb. 25, 2026, the company became aware of a phishing incident involving some of its personnel that resulted in unauthorized access to certain files and systems accessible to those employees.

On March 2, 2026, Gastro Health became aware of a separate phishing incident involving one of its employees that also resulted in unauthorized access to certain files.

After discovering both incidents, Gastro Health conducted a detailed review of the affected files. That review found that personal information belonging to certain individuals was contained in the relevant data.

The types of information exposed varied by individual. Personally identifiable information (PII) that may have been affected includes names, dates of birth, Social Security numbers and government-issued or state-issued ID numbers.

Protected health information (PHI) that may have been affected includes medical record numbers, patient account numbers, Medicare or Medicaid numbers, health insurance or group account numbers, diagnosis or treatment information, prescription information and provider or clinic information.

Gastro Health posted a notice on its website with details about the incident and steps affected individuals can take. The company additionally filed a disclosure with the U.S. Department of Health and Human Services.

Gastro Health's response

Gastro Health is offering affected individuals 24 months of free identity protection services through Epiq Privacy Solutions ID at no cost. To enroll, affected individuals can visit www.privacysolutionsid.com and enter the activation code included in their notification letter. Enrollment must be completed by the deadline listed in each person's letter.

Gastro Health has set up a dedicated phone line for questions about the breach. Affected individuals can call 888-500-5727, Monday through Friday, from 9 a.m. to 9 p.m. Eastern time.

Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info
  • Affected information types not yet disclosed

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Affected Entity
Gastro Health
Consumers Notification date
Date of Breach
February 25, 2026
Breach Discovered Date
February 25, 2026
Total People Affected
35632
Information Types Exposed
  • Medicare or Medicaid number
  • Name
  • Social Security Number
  • Driver's License or Washington ID Card Number
  • Full Date of Birth
  • Health Insurance Policy or ID Number
  • Medical Information
  • Protected Health Information owned or licensed by
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image