A comprehensive data breach at Sunflower Medical Group has potentially exposed sensitive personal information for nearly all of its patients, triggering a potential class-action lawsuit by Kantrowitz, Goldhamer & Graifman, P.C. The cyber attack, which began on December 15, 2024, and was discovered on January 7, 2025, involved a foreign malicious agent infiltrating the medical group's network. The forensic investigation confirmed unauthorized access to an extensive range of personal data across Sunflower's four care centers located in Kansas City, Lenexa, and Roeland Park.
Stolen information included comprehensive personal identifiers such as full names, addresses, Social Security numbers, driver's license numbers, dates of birth, health insurance details, and medical information. The breach potentially impacts patients across Sunflower's specialties, which include internal medicine, family practice, pediatrics, and obstetrics and gynecology. On March 7, 2025, Sunflower Medical Group reported the data compromise to the Maine Attorney General and subsequently notified all potentially affected patients. The extensive nature of the stolen data increases the potential risk of identity theft and personal information misuse for those impacted.
This incident underscores the ongoing cybersecurity challenges facing healthcare providers and the critical importance of robust network security protocols. The potential class-action investigation suggests potential legal scrutiny of Sunflower Medical Group's data protection practices. For more information on how to protect yourself from identity theft, visit https://www.identitytheft.gov.
