Data Breach Blog

Data Breach

Gastroenterology & Hepatology of CNY Data Breach

Almeida Law Group Calendar Icon

Date of data breach:
April 15, 2026

April 15, 2026

by: Lucas Caughlin

Gastroenterology & Hepatology of CNY Data Breach–What You Need to Know & What to Do Next

Overview

Gastroenterology & Hepatology of CNY reported a cybersecurity incident after the Exitium ransomware group claimed responsibility for an attack in April 2026. The incident potentially exposed comprehensive medical records for over 167,000 patients in Central New York.

Gastroenterology & Hepatology of CNY is a gastroenterology practice based in Syracuse, New York, with offices in Liverpool. The practice operates alongside the Digestive Disease Center of CNY, an AAAHC-accredited ambulatory surgery center for endoscopy. The practice provides comprehensive gastroenterology services, including digestive disorder treatment and colon cancer screening.

According to ransomware threat intelligence, the Exitium ransomware group posted the practice to its data leak site on April 14, 2026, claiming to have exfiltrated the complete patient database. The attackers state they will sell the database if ransom demands are not met.

The posting claims the database contains 167,303 patient records, including 124,761 with Social Security numbers, 1,093,863 diagnoses, 1,547,142 medication records, and 186,246 pathology specimens with reports. The attackers specifically highlight that nearly 50,000 patients have sensitive diagnoses including mental health conditions, substance abuse disorders, sexually transmitted infections, cancer, and hepatitis C.

What Information Was Exposed In the Gastroenterology & Hepatology of CNY Data Breach?

According to the threat actors’ claims, the potentially compromised data includes names, Social Security numbers (for 124,761 patients), addresses, phone numbers, and email addresses. The database allegedly contains extensive medical information including over 1 million diagnoses coded using ICD-10, 1.5 million medication records, and nearly 200,000 pathology specimens with narrative reports.

Particularly concerning is the claimed exposure of sensitive diagnoses for 49,798 patients, including mental health conditions (43,902 patients), substance abuse or alcohol-related diagnoses (5,111 patients), sexually transmitted infections (2,779 patients), cancer (2,708 patients), and hepatitis C (1,906 patients).

How Gastroenterology & Hepatology of CNY Responded to the Breach?

As of this writing, Gastroenterology & Hepatology of CNY has not issued a public statement regarding the alleged ransomware attack. The practice has not confirmed the incident or provided details about its investigation or notification plans.

Healthcare providers that experience breaches involving protected health information are required to notify affected individuals, the U.S. Department of Health and Human Services, and in some cases the media, within specified timeframes under HIPAA. New York State also has data breach notification laws requiring notification to affected residents.

How to Check If Your Personal Info Is Exposed

If you are a current or former patient of Gastroenterology & Hepatology of CNY or have received services at the Digestive Disease Center of CNY in Syracuse, New York, your medical records may have been exposed in this breach. Given the threat actors’ claims about the database, patients who received care at this practice at any point may be affected.

Monitoring your accounts, reviewing credit reports and explanation of benefits statements, and watching for any notification letters from the practice are all crucial steps in assessing your potential exposure.

What You Can Do If Your Information Was Exposed

If your medical information may have been part of this breach, review your financial accounts, credit reports, and medical explanation of benefits forms for any unfamiliar activity. Update account passwords and consider placing a fraud alert or credit freeze with major credit bureaus.

Be particularly vigilant for signs of medical identity theft, including unexpected medical bills, explanation of benefits statements for services you did not receive, or insurance claims for unfamiliar treatments. Given the alleged exposure of sensitive diagnoses, be cautious of any unexpected contact from individuals claiming to have information about your medical history.

Acting now can limit the long-term consequences of this breach and protect your personal, financial, and medical information in the future.

Understanding Your Legal Rights: Data Breach Lawyer Near Me

Victims of data breaches may be entitled to legal remedies if a healthcare provider did not adequately safeguard their protected health information. The alleged exposure of comprehensive medical records, including highly sensitive diagnoses, represents a serious healthcare data breach.

Almeida Law Group is actively reviewing the Gastroenterology & Hepatology of CNY incident to determine what legal options may be available for those affected.

If you are a patient of Gastroenterology & Hepatology of CNY or the Digestive Disease Center of CNY and believe your medical information may have been exposed, you can contact Almeida Law Group for a free consultation.

Were You a Victim of a Data Breach?

data breach news

"*" indicates required fields

Your use of this site and the information provided here is not intended to create and does not create an attorney client relationship with the Almeida Law Group and/or attorneys employed by the Firm. No attorney client relationship is intended or created unless and until an engagement agreement is signed by all relevant parties. The contents of this site constitute attorney advertising and not legal advice; therefore you should not act or rely upon any information contained herein, and should always seek the advice of an attorney.

Resourceful. Resilient. Relentless.

Contact us today to get the justice you and your family deserve.

Contact us Today