Cyberattack on Sunflower Medical Group and Multiple Healthcare Providers Suffer Data Breaches

Multiple healthcare providers suffered significant cyberattacks and data breaches in 2025, exposing sensitive patient information and highlighting the urgent need for enhanced cybersecurity measures.

    Multiple healthcare organizations across the US have recently announced significant cyberattacks and data breaches, impacting hundreds of thousands of patients. These incidents highlight the ongoing vulnerability of the healthcare sector to sophisticated cyber threats and the critical need for robust cybersecurity measures. The attacks underscore the importance of proactive security strategies, as detailed in our guide on Top Cyber Threats Facing Enterprise Businesses in 2025.

    Sunflower Medical Group Cyberattack: Data Breach Affects 220,968 Individuals

    Sunflower Medical Group, a Kansas-based multi-specialty medical group, experienced a data breach affecting 220,968 individuals. The unauthorized access occurred between December 15, 2024, and January 7, 2025. The attackers exfiltrated files containing sensitive patient data, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical information, and health insurance information.

    While Sunflower Medical Group is unaware of any misuse of the stolen data, it has offered complimentary credit monitoring and identity theft protection services to affected individuals.

    The Rhysida ransomware group claimed responsibility for the attack and added Sunflower Medical Group to its data leak site, where it claimed to have stolen a 3 terabyte SQL database containing data for approximately 400,000 individuals.

    The discrepancy between Rhysida's figure of approximately 400,000 individuals and the 220,968 individuals notified suggests potential duplicate entries in the database. Rhysida has a history of targeting healthcare organizations, with recent attacks on Community Care Alliance and Ann & Robert H. Lurie Children’s Hospital.

    Center for Digestive Health: Unauthorized Access and Data Acquisition

    Gastroenterology Associates of Central Florida, operating as the Center for Digestive Health, detected unauthorized access to its network on April 11, 2024. A third-party cybersecurity firm investigated and confirmed that an unauthorized actor accessed and acquired certain files and data.

    The review of compromised files, completed on January 22, 2025, revealed that they contained the personal and protected health information of 122,437 individuals who received care at the Center for Digestive Health or the Center for Digestive Endoscopy.

    The compromised data varied by individual and may have included names, dates of birth, health information, and Social Security numbers. The Center for Digestive Health deployed additional monitoring tools and offered complimentary Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services to affected individuals.

    NVW Newco: Email Invitation Error Exposes Contact Information

    NVW Newco, an Arizona healthcare provider, notified 3,232 individuals about a data privacy incident involving their protected health information. On or around December 30, 2024, NVW Newco discovered that certain group Outlook meeting invitations from an employee of First Light Wilderness had been circulated to individuals associated with Deschutes Wilderness, New Vision Wilderness, and/or First Light Wilderness.

    The meeting invitations, circulated on September 3, October 3, November 7, and/or December 30, 2024, were cancelled. However, recipients' email contact information, which was intended to be hidden, was visible to everyone who received the invitations. Following the discovery, NVW Newco reviewed its calendar system to implement safeguards and re-educated staff on the importance of using the BCC field for email addresses. While the risks are considered low, affected individuals were advised to be vigilant against phishing attempts and other fraud.

    Department of Veterans Affairs Eastern Colorado Health Care System: Email Error Leads to Data Exposure

    The Department of Veterans Affairs Eastern Colorado Health Care System (VA ECHCS) notified 1,115 individuals about an email incident that exposed some of their protected health information. On January 30, 2025, a program office inadvertently attached a spreadsheet to an email intended to contain a flyer for an upcoming event. The spreadsheet contained full names, mailing addresses, email addresses, phone numbers, and the last four digits of Social Security numbers.

    The error was quickly identified, and an attempt was made to recall the messages, but this was unsuccessful. All recipients received an email requesting deletion of the email and spreadsheet, and all affected veterans were notified about the privacy incident by mail.

    Endless Mountains Health Systems: Ongoing Cyberattack Impacts Operations

    Endless Mountains Health Systems (EMHS), a Pennsylvania healthcare provider with locations in Hallstead and Montrose, experienced a cyberattack impacting its operations. The investigation is ongoing, and cybersecurity experts are working to restore full functionality to its systems.

    Due to offline systems, patients were asked to bring photo IDs, insurance cards, medication lists, allergy details, and lab/imaging orders to their appointments. Patients were also advised to phone the centers to schedule appointments. The responsible hacking group and the extent of data compromise remain unclear.
