Sunflower Medical Group reports data breach exposing 220K people
Learn More
Sunflower Medical Group, P.A., a healthcare organization operating four facilities across the Kansas City metro area, is reporting a data breach that compromised sensitive patient information.
The breach to Sunflower Medical Group's systems occurred on or about December 15, 2024. However, the organization did not detect the intrusion until January 7, 2025 - almost a month later. After discovering the breach, Sunflower engaged a forensic security firm to assist with the investigation.
By February 24, 2025, the organization had determined which files were compromised and what personal information was affected. The exposed data includes:
- Full names
- Home addresses
- Dates of birth
- Social Security numbers
- Driver's license numbers
- Medical information
- Health insurance information
The official report from Sunflower Medical claims that the data breach affected 220,968 individuals. However, the Rhysida ransomware gang, which claimed responsibility for the attack, stated that the stolen data comprises more than 400,000 identity documents and Social Security numbers. The breach reportedly involved 7.6 TB of data, including a 3 TB SQL database.
Notification letters to impacted individuals were sent on March 7, 2025, and is offering affected individuals a complimentary one-year membership to Experian IdentityWorks Credit 3B.
