Albany Gastroenterology Consultants: November 2024 Data Breach Affects Almost 58,000 Patients
Albany Gastroenterology Consultants and Inlet Care (Communicare) are notifying patients affected by cyberattacks in November 2024 that involved unauthorized access to systems containing patient data.
Albany Gastroenterology Consultants
Albany Gastroenterology Consultants in New York State has notified the Maine Attorney General about a data breach involving the personal and protected health information of up to 57,751 individuals. Unusual network activity was identified on November 19, 2024, which disrupted access to one of its computer systems. Steps were taken to isolate the system, and an investigation was launched to determine the nature of the activity and whether any patient data had been compromised. The investigation confirmed unauthorized access to its network and that certain personal information was accessed and acquired by the threat actor on November 10, 2024.
While notification letters were mailed to some of the affected individuals on September 23, 2025; however, the data breach was first disclosed by Albany Gastroenterology Associates in January 2025. The first batch of notification letters was mailed on January 28, 2025, and stated that the review of the affected files concluded on January 21, 2025. According to the latest batch of notification letters, the file review was completed on September 17, 2025, indicating further individuals were found to have been affected. The letters state that names and Social Security numbers were involved. While data theft was confirmed, at the time of issuing notifications, Albany Gastroenterology Consultants was unaware of any misuse of the affected data. Steps have since been taken to enhance its security posture to reduce the risk of similar incidents in the future. Complimentary credit monitoring and identity theft protection services have been made available.
Inlet Care (Communicare)
Inlet Care, doing business as Communicare, a provider of behavioral health, developmental disabilities, and substance abuse services in Kentucky, has discovered unauthorized access to its computer network. Unusual activity was identified within its network on November 23, 2024. Steps were immediately taken to secure its systems, and an investigation was launched to determine the nature and scope of the activity. The investigation confirmed that an unauthorized third party had access to its network for a short period on November 23, and while the window of opportunity was short, files containing sensitive information of current and former employees, dependents, and other individuals were exfiltrated from the network.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The review of the affected files has recently been completed, and Communicate has confirmed that they contained names in combination with one or more of the following: Social Security number, date of birth, driver’s license number, state-issued identification number, passport number, military identification number, financial account information, medical information, and health insurance information. Security policies and procedures have been reviewed, and additional cybersecurity measures are being implemented to strengthen security. Notification letters are now being mailed to the affected individuals. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
