Tri-Cities Gastro Data Breach Exposes Personal Information Including SSNs

Tri-Cities Gastroenterology, a medical practice specializing in gastrointestinal and liver disease diagnosis and treatment, disclosed a data breach that occurred on or about Dec. 11, 2025. During this access, files were removed from the network by the unauthorized third-party actor.

Following the incident, the company launched an investigation with the help of external cybersecurity professionals experienced in handling these types of incidents. On or about April 22, 2026, the forensic investigation determined that the files removed from the network on or around Dec. 11, 2025, contained protected health information belonging to a limited number of individuals.

The types of information exposed included full names, Social Security numbers, dates of birth, addresses, email addresses, telephone numbers, gender and medical record numbers.

The breach was disclosed to the Vermont Attorney General on April 29, 2026. Tri-Cities Gastroenterology began notifying affected individuals on April 29, 2026, and posted a notice on its website.

Tri-Cities Gastroenterology's response to the breach

Beginning on April 29, 2026, the company notified individuals whose information was included in the files that may have been accessed and removed by the unauthorized party.

Individuals whose Social Security numbers were contained in the impacted files have been offered complimentary credit monitoring.

Tri-Cities Gastroenterology has set up a dedicated toll-free response line at 844-558-4651 for individuals who have questions or want to determine whether their information was involved. The response line is available from 9 a.m. to 9 p.m. Eastern time, Monday through Friday, excluding holidays.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze on credit files by contacting Equifax (1-800-525-6285), Experian (1-888-397-3742) or TransUnion (1-800-680-7289), since exposed Social Security numbers and dates of birth can be used to open fraudulent accounts.
• Request free credit reports at AnnualCreditReport.com and review them carefully for unfamiliar accounts, inquiries or other discrepancies.
• Review Explanation of Benefits statements from health insurance providers for any services or charges that seem unfamiliar, since medical record numbers were among the exposed data.
• Be cautious of phishing attempts that reference Tri-Cities Gastroenterology or this data breach by name, whether they arrive by email, phone or mail.
• Monitor financial accounts and mail closely for any unusual activity, and contact local law enforcement to file a police report if signs of identity theft appear.
• File a complaint with the FTC at ftc.gov/idtheft or by calling 1-877-438-4338 if there is evidence that exposed information has been misused.