On August 7, 2024, Internal Medicine Associates, LLC, doing business as Gastrointestinal Medicine Associates (GMA), reported a data breach to the Attorney General of Massachusetts. The breach involved unauthorized access to the company’s IT network, which compromised sensitive consumer information, including names, Social Security numbers, and medical details. Following the investigation, GMA sent out notification letters to all affected individuals, informing them of the breach and providing further details on the compromised data.
The breach was first detected on April 15, 2024, when GMA noticed suspicious activity within its network. In response, the organization secured its systems and launched an investigation with the help of third-party cybersecurity experts. The investigation revealed that the unauthorized party had access to the network between April 5 and April 15, 2024. During this time, the intruder managed to copy confidential patient data, heightening concerns over the exposure of sensitive information.
Once GMA identified the individuals affected by the breach, it completed a thorough review of the compromised files by June 23, 2024. The specific information exposed varied by individual but generally included names, Social Security numbers, and medical records. Following this discovery, GMA moved forward with notifying all individuals whose data was involved in the breach, aiming to provide transparency and assistance in mitigating potential risks.
Gastrointestinal Medicine Associates is based in Cranston, Rhode Island, and offers a range of gastroenterology services, such as colonoscopies and endoscopies. The organization operates nine locations across Rhode Island and generates approximately $5 million in annual revenue. With over 25 employees, GMA is a key player in the region’s healthcare sector, now grappling with the aftermath of this significant data security incident.
Reference: