Hackers with the ransomware group the Gentlemen carried out attacks on two San Antonio healthcare companies this month, lawsuits allege. The companies, South Texas Spinal Clinic PA and Soniva Dental LLC, are facing potential class action lawsuits over the alleged incidents.
Two San Antonio healthcare providers are facing multiple proposed class-action lawsuits over separate alleged ransomware attacks earlier this month.
The suits accuse South Texas Spinal Clinic PA and Soniva Dental LLC of failing to safeguard patients’ sensitive personal and medical information and delaying notification after the alleged breaches.
Article continues below this ad
In both cases, the suits say, a ransomware group known as the Gentlemen publicly claimed responsibility for the attacks.
South Texas Spinal Clinic has been named in at least six lawsuits filed in state District Court in San Antonio, while Soniva Dental has been sued in at least two similar cases.
The lawsuits were filed over the last two weeks and each seeks monetary relief exceeding $1 million. Each also asks a judge to certify a class of patients whose information was allegedly exposed by the defendant in that case. Judges ultimately will decide whether any classes are certified and whether the lawsuits involving each company should be consolidated.
Article continues below this ad
As of Thursday morning, neither company appeared in the Texas attorney general’s online breach notification database. Texas law generally requires businesses to notify the attorney general within 30 days after determining that a reportable breach affecting at least 250 state residents has occurred.
The federal Department of Health and Human Services’ public breach database had not yet been updated to include June 2026 incidents, making it impossible to determine whether either company had reported there.
Representatives for both companies did not respond to a request for comment.
In one of the suits against South Texas Spinal Clinic, filed by San Antonio resident Jennifer Garza, she alleges the number of those affected by a June 15 breach could be “tens of thousands” of current and former patients and employees. She was a patient.
Article continues below this ad
She says the breach compromised names, dates of birth, Social Security numbers, medical records and other personal information.
The clinic failed to implement adequate cybersecurity procedures to protect patients’ personal information, the suit adds.
Garza’s and the other lawsuits against the clinic allege it had not notified affected patients of the alleged breach even though it had been reported on cybersecurity company websites.
The clinic has made “no effort” to contact individuals “to inquire whether their data has been misused, has established no mechanism … to report misuse” or provided information on how to protect themselves, Garza says in her suit. They “have been left entirely without recourse or information from the party best positioned to provide it.”
Article continues below this ad
Citing research by cybersecurity firm Trend Micro last year, Garza’s lawsuit says the Gentlemen is an “advanced threat actor that emerged as a previously undocumented ransomware group targeting organizations across multiple industries, including healthcare.”
ANOTHER ATTACK: Data breach hits Humana customers in Texas, five other states
According to the lawsuit, the Gentlemen is known “to execute a double extortion scheme — both encrypting victims’ files and exfiltrating sensitive data before encryption, threatening public exposure of the stolen data to coerce ransom payment,” the suit adds. “The group deploys ransomware that drops a ransom note on victims’ systems, appends a custom extension to all encrypted files, and takes steps to systematically destroy backups and disable recovery mechanisms including deleting shadow copies, clearing Windows event logs, and disabling real-time security monitoring.”
The suit alleges Garza’s and other patients’ information has been or will be posted on the dark web, a hidden part of the internet often used to buy and sell stolen data.
Article continues below this ad
The alleged data breach at Soniva Dental occurred around June 1, according to the lawsuit filed by Austin patient Champagne Clarence.
According to Clarence’s complaint, the Gentlemen posted Soniva Dental’s name, company description and samples of allegedly stolen data on its leak site.
The suit alleges the breach affected thousands of current and former patients.
