Sunflower Medical Group has notified 220,968 people of a December attack by Rhysida.
According to their submission to the Maine Attorney General’s Office and their notification letter to those affected, the Kansas-based group of independent physicians detected the attack on January 7, 2025. Investigation revealed that it had occurred on December 15, 2024.
The day they reportedly detected the attack is the same day that Rhysida added Sunflower to its dark web leak site with proof of claims and a demand f0r 10 BTC.
Rhysida subsequently leaked what they described as more than 400,000 driver’s licenses, insurance cards, SSN, and other files — including an Sql database that was more than 3 TB.
Sunflower’s notification informs patients that “The type of information varied by individual but may have included one or more of the following: name, address, date of birth, Social Security number, driver’s license number, medical information, and health insurance information.” They added, “We have no evidence to believe that your personal information has been misused for the purpose of committing fraud or identity theft. Nonetheless, we are writing to advise you about the incident and to provide you with guidance on what you can do to protect yourself, should you feel it is appropriate to do so.”
Would people “feel it is appropropriate to do so” if they had been told their data was now freely available on the dark web to anyone who wanted to download it?
When Rhysida leaked the data, they claimed they had 7.6 TB, consisting of 5,277,062 files. DataBreaches examined the data leak and found that entire backups were included, as well as folders with driver’s licenses and insurance cards. Databreaches also noted folders with patient complaints and other correspondence concerning named patients.
This incident does not yet appear on HHS’s public breach tool, and the number reported is for the total number of people affected, as reported to Maine. The number of patients affected may be the same or it may be some subset of that total.
Center for Digestive Health provider name, Social Security number, date of birth,
and health information. 0===> 122437 to Maine in March 2025 4/1/2024. Disc 5/7/24 518 BianLian FL hack LEAKED
Gastroenterology Associates of Central Florida, P.A. dba Center for Digestive Health (“the Clinic” or “we”) is writing to
inform you of a recent data security incident that may have resulted in unauthorized access to your sensitive personal
information. The personal information involved may have been related to care you received at the Clinic and/or the Center
for Digestive Endoscopy. While the Clinic is unaware of any fraudulent misuse of your personal information at this time,
we are providing you with details about the incident, steps we are taking in response, and resources available to help you
protect against the potential misuse of your information. Please be assured that the Clinic takes the protection and proper
use of your personal information very seriously.
2.2 TB leaked
BianLian reported:
Data description:
A physical and medical history examination.
Accounting, budget, financial data.
Contract data and NDA’s.
Accidents.
Files from CFO PC.
Operational and business files.
Email and msg archives.
Letter to Maine reported: name, Social Security number, date of birth,
and health information.
https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/24a40045-82cd-41d5-87de-9d000c3357ec.html