Kansas City, Mo.-based Sunflower Medical Group is facing a class-action lawsuit for allegedly failing to protect patient and employee data, resulting in a cybersecurity breach that exposed sensitive, personally identifiable information and protected health information, according to court documents accessed by Becker’s.
What happened?
- The breach occurred Dec. 15, 2024, and impacted 220,968 individuals, exposing names, Social Security numbers, driver’s license information, dates of birth, medical records and health insurance details.
- The lawsuit alleges that Sunflower Medical Group did not discover the breach until Jan. 7, 2025, and only began notifying affected individuals March 7, two months later.
- The lawsuit claims Sunflower violated HIPAA by not implementing adequate cybersecurity measures and failing to follow Federal Trade Commission guidelines for consumer data protection.
- The complaint also claims the physician group failed to encrypt data, lacked proper monitoring systems, did not train employees on cybersecurity and had outdated or weak security measures.
What’s next?
- The lawsuit seeks compensatory damages, credit monitoring, improved security measures and long-term audits.
The post Physician group faces lawsuit following data breach appeared first on Becker’s ASC.
