Sunflower Medical Group says cyber attack impacted over 220,000 patients

Kansas-based healthcare provider Sunflower Medical Group said that the data security incident it suffered last year compromised the sensitive personal information of more than 220,000 individuals.

 

Sunflower Medical Group provides comprehensive medical services across multiple locations in the Kansas City metropolitan area. It specialises in prevention, detection, and treatment of common medical problems, including primary care, urgent care, obstetrics and gynaecology and more.

 

In a data security incident notice filed with the Office of Maine Attorney General, Sunflower said that on January 7, it identified unauthorised access to its internal network where threat actors  potentially accessed and acquired copies of certain files. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected systems and notified relevant law enforcement authorities about the incident.

 

“The investigation determined that an unknown third party accessed Sunflower’s systems on or about December 15, 2024, and acquired copies of certain files from our systems as a part of the incident,” read the notice.

 

The compromised data includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical information, and health insurance information. In the filing with the Maine state regulator, Sunflower said it has identified at least 220,968 individuals who were impacted by the incident. 

 

While Sunflower found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

The healthcare provider has also offered one year of complimentary identity protection and credit monitoring services through Experian IdentityWorks to all affected individuals. 

 

The Rhysida ransomware Group recently claimed responsibility for the cyber attack on Sunflower and listed it as a victim on its data leak site. The group claimed to be in possession of “more than 400 thousand driver’s licenses, insurance cards, social security numbers” that totalled more than 3 terabytes.

 

The group gave the healthcare provider a deadline of 6 days to pay a ransom of 10 bitcoins, threatening to leak the stolen data if the company doesn’t comply.