Rhysida Ransomware Attacks Healthcare

Two healthcare providers are the latest victims of the Rhysida ransomware group’s cyberattacks.

A Kansas-based medical practice and a Rhode Island provider of mental health and addiction counseling services have both reported major data breaches perpetrated by the Russian-speaking cybercriminal gang Rhysida.

Sunflower Medical Group operates four clinics in the Kansas City region and offers urgent care, pediatric care, and various other health services. Last week, it filed a breach report in Maine, noting that a hacking incident affected nearly 221,000 individuals.

According to its Maine breach report and notification letter to affected individuals, the Kansas-based group of independent physicians detected the attack on January 7, 2025. Its investigation revealed that the attack occurred on December 15, 2024.

The same day, the Community Care Alliance, which provides mental health service programs in Rhode Island, reported a hacking incident that affected nearly 115,000 people.

Rhysida Claims Responsibility

The ransomware gang Rhysida has claimed responsibility for both incidents and has posted the stolen protected health information (PHI) for sale on its dark web leak site. The listing includes a 3-terabyte SQL database allegedly belonging to Sunflower Medical Group, which the gang says contains over 400,000 driver’s licenses, insurance cards, and Social Security numbers. The group also listed a 2.5-terabyte SQL database from Community Care Alliance said to contain personal customer data, addresses, Social Security numbers, phone numbers, and credit card details.

Rhysida Has a Track Record of Ruthless Cyberattacks

Sunflower Medical Group and Community Care Alliance are among about 169 victims that Rhysida listed on its dark web leak site as of Monday, March 10. The list includes several other healthcare organizations, among them behavioral health clinics, specialty medical groups such as orthopedic and dental practices, and a nursing home.

Pediatric hospital Ann & Robert H. Lurie Children’s Hospital of Chicago, which was disrupted by a ransomware attack in February 2024, is listed among Rhysida’s healthcare sector victims as having “all data sold.”

According to the Information Security Media Group, Rhysida has been the subject of at least two advisories from the U.S. Department of Health and Human Services Health Sector Cybersecurity Coordination Center – one in August 2023 and another in January 2024. In November 2023, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Center issued a joint warning about Rhysida.

Cyberattacks Are Dangerous and Costly

Healthcare organizations struck by ransomware face a long list of problems and costs in the wake of the attack.

First, they have to manage the disruption to patient services. Next, they must pay for and manage an internal cyber investigation and meet the breach notification requirements for government authorities and affected individuals.

Since the Office for Civil Rights (OCR) investigates all breaches affecting 500 or more individuals, they will also need to pay to defend against the government investigation. Attorneys’ fees and public relations costs come on top of the cost of the security improvements that are likely to be mandated to reduce the chance of another cyberattack.

Class Action Lawsuits Are on the Horizon

Private lawsuits often follow a major breach like these two. Although HIPAA does not provide a private right to sue, lawsuits alleging breach of privacy, breach of contract, and consumer rights violations under state law are common.

A Google search today reveals at least four law firms advertising they are looking for individuals affected by the health data breaches at Sunflower Medical Group and the Community Care Alliance.

The plaintiffs in these potential lawsuits will try to prove that the healthcare organizations were negligent in how they managed the sensitive patient data in their care. For example, did they follow HIPAA? Did they use current cybersecurity practices, conduct a regular risk analysis, follow a rigorous risk management plan, and train their workforce?

Prevent Ransomware with HIPAA Compliance

Staying on top of cybersecurity is much less costly than managing a breach and all of its aftermath of public relations, investigations, and lawsuits. Make sure you follow the HIPAA Security Rule, the blueprint for preventing cybercrime. Follow the law, and you can defend your business even if a ransomware attack gets through.
