Cyber Incident Victim: Gastroenterology Consultants Ltd
Date:
Dec 2020
Location:
United States of America
Summary
Gastroenterology Consultants Ltd. experienced a ransomware attack by Conti threat actors, resulting in the exposure of protected health information on a dedicated leak site. The Nevada-based medical entity did not publicly acknowledge the incident or issue any statements following the breach. This incident was part of a broader pattern of healthcare sector targeting by ransomware groups, where stolen data was publicly dumped to pressure victims into paying ransoms. Conti's leak site listed multiple healthcare providers, with some victims reporting breaches to regulators while others remained unresponsive, highlighting inconsistent disclosure practices across affected organizations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Gastroenterology Consultants Ltd, a medical group based in Nevada, was listed on the Conti ransomware group’s dedicated leak site on December 23, 2020, following a ransomware attack. The Conti threat actors publicly disclosed the entity as a victim, indicating that protected health information (PHI) or other sensitive data may have been exfiltrated during the incident. This placement on the leak site typically follows a ransomware attack where the victim does not meet the attackers’ extortion demands, leading to the threat of data exposure or actual publication of stolen files. The medical group did not issue any public statements, notifications to patients, or regulatory disclosures at the time of the article’s publication on October 20, 2020. No details were provided regarding the initial attack vector, the specific systems compromised, or the exact scope of data accessed. Conti’s leak site listing did not specify the volume or nature of data allegedly stolen, though similar attacks by the group often involved exfiltrating patient records, financial documents, or employee information.
The incident occurred amid a broader surge in ransomware attacks targeting healthcare entities in 2020, with Conti among the most active groups. Conti’s leak site included multiple healthcare providers during this period, such as Galstan & Ward Family and Cosmetic Dentistry, Taylor Made Diagnostics, and Leon Medical Centers, with varying levels of victim responsiveness. In some cases, like Galstan & Ward, breaches were reported to the U.S. Department of Health and Human Services (HHS) and affected patients within months of the attack. Gastroenterology Consultants Ltd, however, remained silent, with no evidence of breach notifications to HHS or patients as of the article’s publication. The lack of public disclosure left the extent of patient or operational impacts unclear, though Conti’s history suggested risks of PHI exposure or financial data misuse. No containment actions, forensic investigations, or recovery efforts by the entity were documented in the available source material.