On or about March 10, 2025, Washington Gastroenterology (WAGI), the largest gastroenterology practice in Washington state, discovered that certain data had been accessed and exposed by an unknown third party. According to the official Notice of Data Event, the breach involved a legacy WAGI system.
The attack has been claimed by the INC RANSOM ransomware group, which posted sample screenshots on its dark web portal on the Tor network and claimed to have obtained sensitive data.
While the full scope of affected individuals is still under investigation, WAGI is conducting a thorough review to determine exactly what information was included and to whom it belongs. If your information was impacted, you will receive further instructions by mail.
The cybersecurity incident was disclosed to the offices of the California, Massachusetts, Texas, Vermont and Washington Attorneys General beginning on Aug. 22, 2025. Affected individuals include 1,261 Washington residents, 551 in Texas and 37 in Massachusetts.
The types of information potentially exposed include personally identifiable information (PII) and protected health information (PHI), such as names, contact details, Social Security numbers, medical records, and other sensitive data.
WAGI has taken several steps in response to the breach. Upon discovering the unauthorized access, the organization quickly secured its systems and launched a comprehensive investigation to understand the scope and nature of the incident. The company is working with regulatory authorities, including the Department of Health and Human Services, and is notifying all potentially impacted individuals as required by law.
If you are a current or former patient, WAGI encourages you to remain vigilant against identity theft and fraud. It is recommended that you review your account statements and monitor your free credit reports for suspicious activity over the next 12 to 24 months. For any questions or concerns, WAGI has set up a dedicated inquiry line at 1-877-655-1764.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure.