Cyberattack on Sunflower Medical Group Affects 222,000 Patients
Cyberattacks and data breaches have been announced by Sunflower Medical Group, The Center for Digestive Health, NVW Newco, Endless Mountains Health Systems, and the Department of Veterans Affairs Eastern Colorado Health Care System.
Sunflower Medical Group, Kansas
Sunflower Medical Group, a private multi-specialty medical group with four care centers in Kansas City, Lenexa, and Roeland Park in Kansas, has suffered a data breach involving the personal and protected health information of 220,968 individuals. Suspicious activity was identified within its network on January 7, 2025, with the third-party forensic investigation confirming that an unauthorized actor had access to its network from December 15, 2024, until January 7, 2025. During that time, files were exfiltrated from its network, some of which contained patient data. The file review confirmed that the types of data compromised in the cyberattack included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical information, and health insurance information.
Sunflower Medical Group is unaware of any misuse of the stolen data, but as a precaution, has offered complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers or driver’s license numbers were involved. Technical safeguards have also been enhanced to prevent similar incidents in the future.
The Rhysida ransomware group has claimed responsibility for the attack and has added Sunflower Medical Group to its data leak site. According to the listing, a 3-terabyte SQL database was exfiltrated in the attack, which allegedly contained the data of around 400,000 individuals.
Sunflower Medical Group notified the Maine Attorney General that the breach affected 220,968 individuals; however, a breach report with the HHS’ Office for Civil Rights indicates 220,968 individuals have been affected. Rhysida has conducted many attacks on healthcare organizations, with recent victims including Community Care Alliance and Ann & Robert H. Lurie Children’s Hospital in Chicago.
Center for Digestive Health, Florida
Gastroenterology Associates of Central Florida, doing business as Center for Digestive Health, has detected unauthorized access to its network. Suspicious activity was identified within its computer systems on April 11, 2024. A third-party cybersecurity firm was engaged to investigate the activity and confirmed that an unauthorized actor had accessed and acquired certain files and data within its network. The review of the compromised files was completed on January 22, 2025, and it was confirmed that they contained the personal and protected health information of 122,437 individuals who had previously received care at either the Center for Digestive Health or the Center for Digestive Endoscopy.
The compromised data varied from individual to individual and may have included names, dates of birth, health information, and Social Security numbers. Additional monitoring tools have been deployed, and complimentary Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services have been offered to the affected individuals.
NVW Newco, Arizona
NVW Newco, an Arizona healthcare provider, has notified 3,232 individuals about a data privacy incident that involved their protected health information. On or around December 30, 2024, NVW Newco learned that certain group Outlook meeting invitations from an employee of First Light Wilderness had been circulated to individuals associated with Deschutes Wilderness, New Vision Wilderness, and/or First Light Wilderness.
The meeting invitations were canceled; however, email contact information was visible to all recipients of those invitations when the email addresses should have been hidden. The invitations were circulated on September 3, 2024, October 3, 2024, November 7, 2024, and/or December 30, 2024. When the error was discovered, the calendar system was reviewed to identify safeguards that could be implemented to prevent similar incidents in the future, and the staff was re-educated on the importance of adding email addresses to the BCC field. While the risks associated with the incident are believed to be low, all affected individuals have been advised to be vigilant against phishing attempts and other fraud.
Department of Veterans Affairs Eastern Colorado Health Care System
The Department of Veterans Affairs Eastern Colorado Health Care System (VA ECHCS) has notified 1,115 individuals about a recent email incident at the Rocky Mountain Regional VA Medical Center that exposed some of their protected health information. On January 30, 2025, a program office inadvertently attached a spreadsheet to an email when the intention was to attach a flyer for an upcoming event. The spreadsheet contained full names, mailing addresses, email addresses, phone numbers, and the last four digits of Social Security numbers. The error was quickly identified, and an attempt was made to recall the messages, but that attempt was unsuccessful. All recipients of the initial message were emailed a request to delete the email and spreadsheet, and all affected veterans have been notified by mail about the privacy incident.
Endless Mountains Health Systems, Pennsylvania
Endless Mountains Health Systems (EMHS), a Pennsylvania healthcare provider with locations in Hallstead and Montrose, has announced that it recently experienced a cyberattack that impacted its operations. The investigation into the incident is ongoing, and cybersecurity experts are working on restoring full functionality to its systems as quickly and safely as possible. Since systems are offline, patients have been asked to bring photo IDs, insurance cards, medication lists, allergy details, and lab/imaging orders with them to their appointments, and patients have been advised to phone the centers to schedule appointments. It is currently unclear which hacking group was behind the attack and whether patient data was compromised.


