More than 300,000 US healthcare patients impacted in suspected Rhysida cyber attacks
US-based healthcare organizations have acknowledged data breaches exposing PII and medical information linked to the Rhysida group


Two US healthcare organizations have warned that threat actors were able to breach their internal systems, exposing more than 300,000 individuals.
On 7 March 2025, Kansas-based healthcare provider Sunflower Medical Group published an alert stating that over 220,000 patients had their personally identifiable information (PII) accessed in a data breach.
An advisory published by the firm revealed it discovered suspicious activity within its network on 7 January 2025 and engaged a leading security firm to conduct an investigation.
The subsequent investigation found an unknown third party had accessed Sunflower’s systems around 15 December 2024 and was able to copy files from the firm's internal systems while doing so.
The advisory stated that the specific information accessed by the attackers varied by individual, but could include their name, address, date of birth, social security number (SSN), driver’s license number, medical information, and health insurance information.
Sunflower said it has contacted the affected individuals for whom it had valid mailing addresses to notify them of their potential exposure and offer identity theft protection services to those whose SSNs and driver’s licenses were compromised.
It added that the firm has not found any evidence of personal information being abused by threat actors, but advised continued vigilance from affected individuals.
Rhysida linked to two breaches announced on the same day
The Rhysida ransomware group claimed responsibility for the attack back in January 2025 when it listed Sunflower on its leak site, stating the stolen information was available to the highest bidder.
The post claimed the group had stolen an SQL database consisting of more than 3TB of data and was in possession of 400,000 driver’s licences, insurance cards, and SSNs.
On the same day, another healthcare organization specializing in mental illness and addiction, the Community Care Alliance, informed authorities that it too had been breached in July 2024.
The company told authorities that just under 115,000 individuals were affected by the breach.
“On or around January 8, 2025, we completed our investigation and determined the types of information potentially affected may include individuals’ name and one or more of the following: address, date of birth, driver’s license number, Social Security number, diagnosis/condition, lab results, medications, patient ID number, health insurance information, provider name and/or other treatment information,” the firm advised.
The Rhysida gang also claimed responsibility for this attack, stating it had a 2.5TB SQL database available for sale.
The group was first observed in the summer of 2023, rising to fame after its notable attack on the British Library, which crippled its online information systems and led to the release of 600GB of material online.
CISA has highlighted that the Rhysida ransomware gang has established a reputation for impacting “targets of opportunity” including organizations in the education, healthcare, manufacturing, information technology, and government sectors.

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.