Sunflower Medical Group Breach

In December 2024, Kansas-based Sunflower Medical Group experienced a significant data breach. On January 7, 2025, Sunflower detected unusual activity within its IT network and, upon investigation, discovered that an unauthorized party had accessed its systems on December 15, 2024, acquiring copies of files containing sensitive personal information. The breach affected approximately 220,968 individuals, compromising various types of personal information, including names, addresses, dates of birth, Social Security numbers, driver's license numbers, medical information, and health insurance information.
On March 7, 2025, Sunflower Medical Group filed a notice of data breach with the Attorney General of Maine and began sending out data breach notification letters to all individuals whose information was affected by the incident.