Over 560,000 individuals have been affected by four significant data breaches recently reported by healthcare entities, including Hillcrest Convalescent Center, Gastroenterology Associates of Central Florida, Community Care Alliance, and Sunflower Medical Group.

Sunflower Medical Group Breach

The most extensive breach was reported by Sunflower Medical Group, a healthcare provider based in Kansas. The breach was discovered on January 7, 2025, revealing that unauthorized access began on December 15, 2024. Compromised data includes personal identifiers like names, addresses, birth dates, Social Security numbers, and medical and insurance details.

The Rhysida ransomware group claimed responsibility, alleging the theft of over 3TB of data. Although they claimed 400,000 individuals were affected, Sunflower reported to the Maine Attorney General that the number was 220,000.

Hillcrest Convalescent Center Incident

In late June 2024, Hillcrest Convalescent Center, a North Carolina-based facility, identified suspicious network activity. Subsequent investigations confirmed data theft, including names, Social Security numbers, birth dates, financial details, and medical records. The breach impacted slightly over 106,000 people, as reported to the Maine Attorney General.

Center for Digestive Health Breach

Gastroenterology Associates of Central Florida, operating as the Center for Digestive Health, detected a breach in April 2024. Investigations suggested that the BianLian ransomware group accessed data such as names, Social Security numbers, birth dates, and health information of over 122,000 individuals.

Community Care Alliance Data Compromise

Community Care Alliance, located in Rhode Island, experienced a breach in early July 2024. By January 2025, it was determined that sensitive information, including names, addresses, birth dates, and medical records, was compromised. Approximately 115,000 individuals were affected, according to reports to the Maine Attorney General and the Department of Health and Human Services. The Rhysida ransomware group also claimed responsibility for this attack.

In 2024, a total of 720 healthcare data breaches were reported to the US government, affecting 186 million user records. Learn more about zero-day vulnerabilities in our detailed Research section.

The link has been copied!