Fraud Management & Cybercrime,
Litigation,
Ransomware
Cybercrime Group Rhysida Continues to Feature Victims on Its Leak Site
Sunflower Medical Group, a healthcare provider in Kansas, has committed to paying $1.2 million to settle proposed class action litigation tied to a severe cyberattack affecting the personal data of approximately 256,000 individuals. The ransomware operation known as Rhysida has claimed responsibility for the breach.
The court-approved preliminary settlement allows victims to claim a one-time compensation of $10 or submit receipts for reimbursement of out-of-pocket losses up to $5,000. Legal representatives for the plaintiffs have requested that half of the settlement amount be allocated to their fees and associated costs.
As part of the agreement, Sunflower Medical will furnish class counsel with a confidential statement regarding enhanced cybersecurity measures adopted to mitigate future breaches. The medical group serves patients across Kansas and Missouri, providing a range of services, including family healthcare and telehealth.
A hearing for final approval of the settlement is scheduled for March 6, 2026, in a Missouri state court. As of the latest update, Rhysida continues to list Sunflower Medical on its dark web site, identifying the group as a victim since January 7. The Russian-speaking cybercriminals claim to have extracted over 3 terabytes of data, including more than 400,000 driver’s licenses and Social Security numbers.
Samples of the reportedly stolen data exhibit images of driver’s licenses, health insurance cards, and other sensitive patient information. Sunflower Medical promptly informed federal and state authorities about the breach in March, estimating the affected population at about 221,000 individuals. However, settlement documents later revised this figure to 255,734, as detailed in prior reports on Rhysida’s Targeting of Healthcare Providers.
The group acknowledged in its breach notification letter that it became aware of unauthorized access to its systems on January 7, 2025, with further investigation revealing that the systems had been compromised around December 15, 2024. The consolidated lawsuit against Sunflower Medical brings forth several allegations, including negligence and violations of state statutes.
Neither Sunflower Medical Group nor the attorneys representing affected individuals responded to inquiries regarding the settlement or the details of the hacking incident at the time of publication.
