Skip to main content
Over a doctor’s shoulder we see a spreadsheet of medical data on a vulnerable hospital computer.

Sunflower Medical Group Data Breach Investigation

Written by Joseph Lyon on . Posted in Uncategorized.

According to a data breach notice sent to the Attorney Generals of California and Maine, Sunflower Medical Group, operating out of Kansas, experienced a large-scale data security incident that may have impacted the personal data of over 220,000 individuals.

Contact our data breach lawyers to discuss taking legal action following any potential data theft incident, and to learn more about steps you can take to help minimize the risk of fraud and medical identity theft. We have filed numerous data privacy class action lawsuits on behalf of plaintiffs nationwide. Call for a free case review and consultation.

What Happened at Sunflower Medical?

On March 7, 2025, Sunflower Medical Group filed a notice of data breach with the Attorney General of Maine after discovering that an “unknown and unauthorized party” accessed the company’s computing network. An investigation following the incident concluded that the unauthorized party may have accessed consumers’ sensitive information, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical information, and health insurance information.

Sunflower Medical Group has begun sending out data breach notification letters to all individuals whose information may be affected by the data security incident. If you happen to receive a data breach notification from Sunflower, or any other healthcare entity, it is important to understand the increased risks associated with these types of security breaches. Contact an experienced attorney to file a class action complaint or to join existing litigation.

According to sources, on January 7, 2025, Sunflower first detected unusual network activity and contacted cybersecurity experts. Through this investigation, the company determined that on December 15, 2024, hackers accessed confidential information that was stored on its systems. The data may vary from person to person, but the type of information potentially exposed includes:

  • Name
  • Social Security number
  • Address
  • Date of birth
  • Driver’s license number
  • Medical information
  • Health insurance information

Sunflower Medical Group is a healthcare provider operating four urgent care clinics in the Kansas City area: Roeland Park, Kansas City (KS), Lenexa West/Prairie Star, and Lenexa East. They offer primary care, urgent care, obstetrics and gynecology, laboratory tests, x-rays, EKGs, ultrasounds, vascular screenings, and bone density tests.