Primary and specialty care medical group.
Kansas-based Sunflower Medical Group detected unusual network activity on January 7, 2025 and determined an unauthorized party had accessed its systems around December 15, 2024, copying files with sensitive personal information. The Rhysida ransomware group claimed responsibility, advertising an exfiltrated ~3 TB SQL database (claimed to hold data on roughly 400,000 patients). Sunflower filed a breach notice with the Maine Attorney General on March 7, 2025 and notified affected individuals. Official filings put the affected count at 220,968; a DataBreach.com parse recorded 356,822. Exposed data included names, addresses, dates of birth, Social Security numbers, driver's license numbers, medical information, and health insurance information. The company later agreed to a class-action settlement of up to $1.2 million.
ObscureIQ assessment: Severe risk of identity theft, medical fraud, insurance abuse, and targeted healthcare scams. Care-network data can also expose ongoing treatment relationships.
The exposure combined identity, government-ID, and clinical data (Social Security numbers, driver's licenses, medical information, health insurance) for more than 220,000 patients, creating severe identity-theft, medical-fraud, and insurance-abuse risk. Rhysida's exfiltration of a multi-terabyte database and its offer for sale heighten the likelihood of downstream misuse, and the breach generated significant class-action liability.
Sunflower Medical Group is a Kansas-based primary and specialty care medical practice providing outpatient healthcare across multiple clinics. It maintains patient identity, contact, insurance, billing, scheduling, and treatment records spanning primary and specialty care relationships.
Medical practice networks collect patient identity, contact, insurance, billing, appointment, and treatment records across primary and specialty care operations.
After the December 2024 intrusion (detected January 7, 2025), Sunflower notified affected individuals, filed with state regulators, and offered identity-theft protection. It later agreed to a class-action settlement of up to $1.2 million. The Rhysida ransomware group claimed the attack and advertised a 3 TB SQL database for sale.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.
If you believe your information may be included:
Kansas-based Sunflower Medical Group detected unusual network activity on January 7, 2025 and determined an unauthorized party had accessed its systems around December 15, 2024, copying files with sensitive personal information. The Rhysida ransomware group claimed responsibility, advertising an…
Verified fields include Account Balance, Date of Birth, Driver's License, Email Address, Full Name, Health Insurance, Medical Diagnosis, Phone Number, Physical Address, Social Security Number.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation