MO: Tague Family Practice patient records stolen and leaked

Tague Family Practice (TFP) in St. Louis, Missouri is a primary care practice that strives to maintain the traditional care model of a doctor who spends time getting to know you and providing preventative care as well as care for acute problems or chronic conditions.

On some date unknown to, the practice fell victim to a LockBit ransomware attack.

On March 17, the threat actors added TFP to their leak site. More recently, they dumped data that certainly appears to be from the practice. did not download or examine all of the files, but sampled from some of them. The files pretty much all contained personal and protected health information, and much of it was sensitive. The dump did not seem to be of any organized EMR system, but may have been from a backup, with subfolders on billing, processed claims, labs, other patient-related records. Personal information on employees was also included, but did not see any payroll or tax records in the brief review of files.

Termination of Care Letter
As proof of claim, LockBit posted the unredacted version of this letter to a patient saying that they would have to find another doctor because Dr. Tague would no longer treat them.



Request for records
The state sought the records of a patient who had serious health issues, as identified in this letter. Redacted by

This incident does not appear on HHS’s public breach tool at the time of this posting. does not know how many patients had their data accessed and/or acquired. The medical practice has not responded to multiple inquiries sent to it over the past three weeks. As one consequence, does not know whether the practice has sent any notification letters to patients and to what extent the practice might have been impacted by any file encryption or corruption. There is nothing on the practice’s website to suggest that there had been any interruption in services.

This post may be updated when more information becomes available.

If you are a patient of Tague Family Practice, please contact this site to let us know if you have received any notification of a data security incident affecting your information.

About the author: Dissent

Comments are closed.