Cyberattacks Hit Healthcare: 560,000 Individuals Affected

Four healthcare organizations across different U.S. states have reported data breaches impacting a total of more than 560,000 individuals. The affected entities include Hillcrest Convalescent Center, Gastroenterology Associates of Central Florida, Community Care Alliance, and Sunflower Medical Group.

The largest breach involved Kansas-based Sunflower Medical Group, which discovered unauthorized access to its systems on January 7, 2025. Investigations revealed that hackers had been in the system since December 15, 2024, compromising sensitive data such as names, addresses, dates of birth, Social Security numbers, driver's license numbers, medical records, and health insurance details. The Rhysida ransomware group claimed responsibility for the attack, alleging the theft of 3TB of data, affecting 400,000 individuals. However, Sunflower officially reported 220,000 impacted individuals.

Hillcrest Convalescent Center, a nursing home and rehabilitation facility in North Carolina, identified suspicious activity on its network in late June 2024. Hackers reportedly accessed and stole personal and financial data, including Social Security numbers, medical records, and government-issued ID numbers, affecting over 106,000 individuals.

Gastroenterology Associates of Central Florida, operating as the Center for Digestive Health, detected a breach in April 2024. Investigations confirmed that cybercriminals may have accessed names, Social Security numbers, birth dates, and health information of more than 122,000 individuals.

These incidents highlight the ongoing cybersecurity threats faced by healthcare organizations, emphasizing the need for enhanced security measures to protect sensitive patient data.