Kansas-based Sunflower Medical Group disclosed to authorities on 7th March that they had suffered a data breach compromising the personal and confidential information of 220,968 individuals.
In a statement on their website entitled ‘Notice of a Data Security Incident,’ Sunflower provided details about the attack. They said they first became aware of suspicious activity within their computer network on January 7, 2025. A subsequent investigation conducted in conjunction with an unnamed cybersecurity organization revealed that an unknown third party had accessed their systems around December 15, 2024, and obtained the personal information of certain individuals. The information stolen varies for each individual but was said to include one or more of the following: names, addresses, dates of birth, Social Security numbers, medical information, and health insurance.
Sunflower said they alerted those affected whom they were able to contact and offered them complimentary identity theft protection services. While they claim there is no evidence of misuse of personal information, individuals are advised to monitor their accounts and report any suspicious activity to the relevant authorities. They also explained that additional identity protection information could be found online or through the Federal Trade Commission (FTC).
Rhysida Claims Responsibility
Although Sunflower did not mention ransomware as the method of attack, or the notorious Rhysida ransomware group, in their disclosures, the group claimed responsibility for the attack. On January 7th, ransomware tracking sites shared screenshots of the group boasting that they had ‘exclusive, unique, and impressive data’ for sale from Sunflower Medical Group, data which consisted of a SQL database of more than 3TB.
The Rhysida ransomware gang has become synonymous with high-profile attacks since its emergence on the scene in 2003. They were behind one of the most significant attacks of last year that saw them demand a $6 million ransom following an attack on the Seattle-Tacoma (Sea-Tac) airport and its overseeing port in August of 2024. Importantly, they have also targeted healthcare institutions before, claiming responsibility for an attack on the private King Edward VII Hospital in central London in which they claimed to have obtained data from the British royal family.
Healthcare Institutions Continue to Suffer
This disclosure is another blow for the healthcare industry, which regularly tops attacks-by-sector reports and has a staggering average breach cost of $9.77 million. Organizations are increasingly vulnerable to attacks, partly due to outdated systems, poor security posture, and the high value of the confidential patient information they hold.
Healthcare leaders are looking to invest more in cybersecurity solutions, like multi-factor authentication (MFA), to significantly reduce the potential for a ransomware attack. Moreover, the rapid adoption of different medical devices, while beneficial, has created additional vulnerabilities, as these devices often lack robust security measures, making them attractive targets for attackers.
Combatting Attackers
As reported in January, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is proposing updates to the HIPAA Security Rule for the first time since 2013 in the wake of a substantial increase in breaches. Seeking to mandate the HIPAA Security Rule as a minimum standard, as opposed to the current situation that permits regulated entities merely to implement an addressable specification, use alternative security measures, or choose not to comply at all, is a big step in the right direction.
Lawrence Pingree, VP at Dispersive, is one of many industry experts who welcome a tighter, standardized approach to security in the sector. He believes that “Systems and Identities must be segmented properly, to eliminate lateral movement and authentication without multi-factor can leave you vulnerable. Rapid backup and restore is also important to help defend against ransomware.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.