On or about March 10, 2025, Washington Gastroenterology (WAGI), the largest gastroenterology practice in Washington state, discovered that certain data had been accessed and exposed by an unknown third party. According to the official Notice of Data Event, the breach involved a legacy WAGI system.
The attack has been claimed by the INC RANSOM ransomware group, who posted sample screenshots and claimed to have obtained sensitive data on their dark web portal, as reported on the tor network.
While the full scope of affected individuals is still under investigation, WAGI is conducting a thorough review to determine exactly what information was included and to whom it belongs. If your information was impacted, you will receive further instructions by mail.
The types of information potentially exposed may include personally identifiable information (PII) and protected health information (PHI), such as names, contact details, social security numbers, medical records, and other sensitive data.
WAGI has taken several steps in response to the breach. Upon discovering the unauthorized access, the organization quickly secured its systems and launched a comprehensive investigation to understand the scope and nature of the incident. The company is working with regulatory authorities, including the Department of Health and Human Services, and is notifying all potentially impacted individuals as required by law.
If you are a current or former patient, WAGI encourages you to remain vigilant against identity theft and fraud. It is recommended that you review your account statements and monitor your free credit reports for suspicious activity over the next 12 to 24 months. For any questions or concerns, WAGI has set up a dedicated inquiry line at 1-877-655-1764. Additional details can be found in the official Notice of Data Event.