Sunflower Medical Group, a Kansas healthcare provider with multiple urgent care facilities, confirmed a cyberattack on December 15th exposed sensitive information from nearly 221,000 of its patients.
The company said it initially discovered the breach on January 7, but the investigation revealed that hackers had been inside their systems since mid-December and made copies of Sunflower’s files.
Data potentially impacted includes:
- Names
- Addresses
- Dates of birth
- Social Security numbers
- Driver’s license numbers
- Medical information
- Health insurance information
The Rhysida ransomware gang took credit for the attack in January on its dark web leak site with proof of claims, threatening to leak the stolen data if a ransom of about $800,000 was not paid.
When Rhysida leaked the data, they claimed they had 7.6 TB, consisting of 5,277,062 files. A DataBreaches investigation found that entire backups were included, as well as folders with patient data.
Lawrence Pingree, VP, Dispersive:
“Systems and Identities must be segmented properly, to eliminate lateral movement and authentication without multi-factor can leave you vulnerable. Rapid backup and restore is also important to help defend against ransomware.”
While the number isn’t huge by 2025 standards, this is still very bad. And it will get worse for those affected as the data that was swiped will undoubtably be used in secondary attacks. Which means that this will have knock on effects for a long time to come.
Like this:
Like Loading...
Related
This entry was posted on March 11, 2025 at 12:07 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Kansas urgent care provider confirms over 220,000 patient’s data swiped in a cyberattack
Sunflower Medical Group, a Kansas healthcare provider with multiple urgent care facilities, confirmed a cyberattack on December 15th exposed sensitive information from nearly 221,000 of its patients.
The company said it initially discovered the breach on January 7, but the investigation revealed that hackers had been inside their systems since mid-December and made copies of Sunflower’s files.
Data potentially impacted includes:
The Rhysida ransomware gang took credit for the attack in January on its dark web leak site with proof of claims, threatening to leak the stolen data if a ransom of about $800,000 was not paid.
When Rhysida leaked the data, they claimed they had 7.6 TB, consisting of 5,277,062 files. A DataBreaches investigation found that entire backups were included, as well as folders with patient data.
Lawrence Pingree, VP, Dispersive:
“Systems and Identities must be segmented properly, to eliminate lateral movement and authentication without multi-factor can leave you vulnerable. Rapid backup and restore is also important to help defend against ransomware.”
While the number isn’t huge by 2025 standards, this is still very bad. And it will get worse for those affected as the data that was swiped will undoubtably be used in secondary attacks. Which means that this will have knock on effects for a long time to come.
Share this:
Like this:
Related
This entry was posted on March 11, 2025 at 12:07 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.