Tri-Cities Gastroenterology Data Breach Exposes Sensitive Patient Information
On April 29, 2026, Tri-Cities Gastroenterology, a healthcare provider with five offices in northeast Tennessee, began notifying individuals affected by a data breach discovered in late 2025. An investigation concluded on April 22, 2026, revealed that an unauthorized third party accessed and exfiltrated files from the company’s network on or around December 11, 2025.
The compromised data includes highly sensitive personal and medical information, such as full names, Social Security numbers, dates of birth, addresses, email addresses, phone numbers, gender, and medical record numbers. The breach has prompted legal scrutiny, with attorneys investigating whether a class action lawsuit can be filed on behalf of affected individuals to seek compensation for privacy violations, out-of-pocket costs, and other damages.
Tri-Cities Gastroenterology has not disclosed the total number of individuals impacted, but the exposed data poses significant risks for identity theft and fraud. The incident underscores ongoing vulnerabilities in healthcare data security, particularly for organizations handling protected health information.
Source: https://www.classaction.org/data-breach-lawsuits/tri-cities-gastroenterology-april-2026
Holston Medical Group cybersecurity rating report: https://www.rankiteo.com/company/holston-medical-group
"id": "HOL1777991452",
"linkid": "holston-medical-group",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Northeast Tennessee',
'name': 'Tri-Cities Gastroenterology',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Notification to affected individuals',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Full names',
'Social Security numbers',
'Dates of birth',
'Addresses',
'Email addresses',
'Phone numbers',
'Gender',
'Medical record numbers']},
'date_detected': '2025-12-11',
'date_publicly_disclosed': '2026-04-29',
'date_resolved': '2026-04-22',
'description': 'Tri-Cities Gastroenterology, a healthcare provider with five '
'offices in northeast Tennessee, experienced a data breach '
'where an unauthorized third party accessed and exfiltrated '
'files containing sensitive patient information. The breach '
'was discovered in late 2025 and affected individuals were '
'notified starting April 29, 2026.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': 'Highly sensitive personal and medical '
'information',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential class action lawsuit'},
'investigation_status': 'Concluded',
'references': [{'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit'},
'response': {'communication_strategy': 'Notification to affected individuals'},
'threat_actor': 'Unauthorized third party',
'title': 'Tri-Cities Gastroenterology Data Breach Exposes Sensitive Patient '
'Information',
'type': 'Data Breach'}