In December 2024, Sunflower Medical Group, a healthcare provider based in Kansas, was targeted by a cyberattack. Hackers gained unauthorized access to the company’s systems on December 15, potentially exposing sensitive data of nearly 221,000 patients. This breach compromised various types of personal information, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical records, and health insurance details. The breach was discovered by Sunflower on January 7, 2025, and a cybersecurity firm was hired to investigate the incident, revealing that the attackers had accessed files in mid-December.
Sunflower quickly notified relevant regulatory bodies in Maine, Vermont, and California and posted a public notice to inform those affected.
They also sent letters to the impacted individuals for whom valid mailing addresses were available. To assist victims, Sunflower offered one year of complimentary credit monitoring services, particularly for those whose Social Security or driver’s license numbers were compromised. Although the company has not reported any operational disruptions or confirmed if the attack was ransomware-related, the breach was considered significant due to the large number of patients impacted.
The Rhysida ransomware group claimed responsibility for the cyberattack in January 2025.
This group threatened to release the stolen data unless a ransom of $800,000 was paid. Rhysida has a history of targeting healthcare facilities and nonprofits, including Prospect Medical and Lurie Children’s Hospital in Chicago. While Sunflower did not provide specific details on the ransom demand’s outcome, the group’s involvement highlights the increasing risks posed to healthcare organizations, which are attractive targets for cybercriminals due to the sensitive nature of their data.
In response to the breach, Sunflower encouraged affected individuals to stay alert for potential fraud or identity theft. The company recommended that patients monitor their credit reports and account statements for any unusual activity. Sunflower also provided guidance on reporting fraudulent activity to law enforcement and offered resources for identity protection. At present, there is no evidence suggesting that the stolen data has been misused, but Sunflower is continuing to take steps to ensure the security of its systems and protect its patients’ information moving forward.
Reference:
