Tri-Cities Gastroenterology, a healthcare provider in northeast Tennessee, has announced a significant data breach affecting 67,115 individuals. The breach involved unauthorized access to the company’s network and exposed sensitive personal and medical information. The breach was discovered in December 2025, and a full investigation concluded in April 2026.
Tri-Cities Gastroenterology Data Breach Investigation
On or around December 11, 2025, Tri-Cities Gastroenterology, which operates five offices in northeast Tennessee, experienced a data security incident involving unauthorized access to its network. According to the company’s notification, the unauthorized third party accessed and removed files from the system. The breach impacted 67,115 individuals, including patients who trusted the clinic with sensitive personal and medical information.
Once the breach was detected, Tri-Cities Gastroenterology acted quickly to contain the threat. The company immediately engaged cybersecurity experts to investigate the scope of the incident and secure its systems. The forensic investigation, which lasted from December 2025 to April 22, 2026, determined that the removed files contained highly sensitive personal data.
The breach was found to involve a variety of personal identifiers, including full names, Social Security numbers, dates of birth, addresses, email addresses, phone numbers, gender, and medical record numbers. While Tri-Cities Gastroenterology has stated that there is no evidence of fraud or identity theft at this time, the nature of the exposed data means that affected individuals remain at risk for future misuse, including identity theft, medical fraud, and phishing attempts.
In response to the breach, Tri-Cities Gastroenterology has taken steps to improve its security measures and prevent similar incidents from happening in the future. This includes enhanced monitoring, additional training for staff, and strengthening system defenses to protect against unauthorized access.
Additionally, the company is offering Experian IdentityWorksSM identity protection services for 12 months to those impacted. These services will help affected individuals monitor their credit reports for any suspicious activity, and provide assistance in case of identity theft. The service is completely free and includes credit monitoring, fraud detection, and identity theft restoration. Tri-Cities Gastroenterology is also advising individuals to take additional protective measures, such as placing a fraud alert or security freeze on their credit files.
The company’s proactive response reflects its commitment to protecting the privacy and security of patient information, though the breach has still left many individuals vulnerable. Data breaches in healthcare organizations have become increasingly common, and this incident highlights the importance of stringent cybersecurity practices in the sector.
When Did This Breach Occur?
The breach occurred on or around December 11, 2025. Tri-Cities Gastroenterology confirmed the breach and began notifying affected individuals on April 29, 2026 after completing their investigation on April 22, 2026.
What Information Was Breached?
The potentially exposed information includes:
- Full name
- Social Security number
- Date of birth
- Address
- Email address
- Phone number
- Gender
- Medical record number
What You Can Do
If you were impacted by the Tri-Cities Gastroenterology data breach, it’s crucial to take immediate steps to protect your personal information. Start by enrolling in the Experian IdentityWorksSM services offered for free for 12 months. These services will provide you with regular credit monitoring and alerts for suspicious activity, helping you detect and resolve identity theft if it occurs.
In addition to the identity monitoring services, Tri-Cities Gastroenterology recommends that you remain vigilant by reviewing your financial account statements and credit reports for any unauthorized activity. You can request a free credit report from the three major credit bureaus and place fraud alerts or security freezes on your credit files to prevent new accounts from being opened in your name.
Furthermore, be cautious of phishing attempts or fraudulent communications that may try to exploit the breach. If you receive any unsolicited emails or phone calls asking for your personal or financial information, verify the legitimacy of the request before providing any details.
By following these steps, you can help protect yourself from potential misuse of your data and reduce the risk of further harm.
File a Data Breach Lawsuit Against Tri-Cities Gastroenterology
If your personal information was involved in the Tri-Cities Gastroenterology data breach, you may have the right to seek compensation for damages caused by the incident. Data breach lawsuits typically aim to recover damages for emotional distress, loss of privacy, and the costs associated with mitigating identity theft or fraud.
Class action lawsuits allow individuals who have been similarly impacted by the same breach to join together and take collective legal action against the responsible organization. This provides a way to ensure that large companies are held accountable for mishandling sensitive information and failing to adequately protect personal data.
If you believe you were affected by the Tri-Cities Gastroenterology data breach, it is important to explore your legal options. Contact a lawyer experienced in data breach lawsuits to learn more about how you can pursue compensation for any harm caused by the breach.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
