Cyber Incident Victim: Illinois Gastroenterology Group

Date: Oct 2021

Location: United States of America

Summary

Illinois Gastroenterology Group experienced a cybersecurity incident involving unauthorized network access potentially compromising personal and medical data of approximately 228,000 individuals. The breach exposed sensitive information including names, Social Security numbers, financial account details, medical records, and biometric data. Following detection of unusual activity, the organization implemented enhanced security measures such as password resets, multifactor authentication for privileged accounts, and deployment of an endpoint detection platform with ransomware-specific policies. The group found no evidence of identity theft or fraud stemming from the incident but augmented its network security protocols and accelerated managed security operations center capabilities in response.

Description

Illinois Gastroenterology Group (IGG) detected unusual network activity on October 22, 2021, prompting an investigation into a potential security incident. By November 18, 2021, the organization confirmed that an unauthorized actor had gained access to its systems and that information stored within those systems may have been viewed or exfiltrated. The breach potentially impacted 227,943 individuals whose personal and medical data resided on the compromised systems. Exposed information included names, birth dates, Social Security numbers, driver's license numbers, passport details, financial account information, physical addresses, payment card data, biometric information, employer-assigned identification numbers, and medical records. IGG's investigation found no evidence suggesting that the accessed information had been misused for identity theft or fraudulent activities following the breach discovery. The organization did not disclose the specific duration of unauthorized access prior to detection or the exact methods used by the threat actor to infiltrate its network.

In response to the incident, IGG implemented immediate containment measures including password resets across its systems and enrolled employees with privileged access into a multifactor authentication platform. The organization augmented its existing network security policies and procedures to strengthen defenses against future intrusions. IGG accelerated deployment of an enhanced managed Security Operations Center featuring an endpoint detection and response platform configured with ransomware-specific security policies. These technical enhancements were complemented by organizational policy revisions addressing network security protocols. The breach notification did not specify whether third-party cybersecurity firms were engaged during the investigation or whether law enforcement agencies were involved in the incident response process.
