"According to the notice, Veradigm learned that an unauthorized party accessed some clients' data on December 15, 2024. The clients' data was located in a storage account that the attacker accessed after obtaining a credential from an attack on an unnamed Veradigm client. Veradigm states it first became aware of the breach on July 1, 2025, through a third-party investigation of the client's data breach."
"According to Veradigm's notification, the specific information impacted varied by individual, but included name, contact details, date of birth, health records data (such as diagnoses, medications, test results, and treatments), health insurance information, payment details, and limited identifiers, such as Social Security numbers or driver's license numbers. The Goodrum v. Veradigm lawsuit in the Northern District of Illinois has reached a settlement that the court is likely to approve."
"Nothing seemed unusual or particularly suspicious about Veradigm's description of the incident until the day someone with knowledge of the unnamed client's breach contacted DataBreaches to alert us that the unnamed client was Sunflower Medical Group, and if we looked at the Sunflower data tranche on Rhysida's leak site, we would find Veradigm client data. DataBreaches started researching the Sunflower Medical Group incident."
An unauthorized actor accessed Veradigm client data on December 15, 2024, using a credential obtained from an attack on an unnamed Veradigm client. Veradigm first learned of the intrusion on July 1, 2025, via a third-party investigation, although some impacted patients had already filed a class-action on June 25, 2025. Impacted data varied by individual and included names, contact details, dates of birth, health records (diagnoses, medications, test results, treatments), health insurance and payment information, and limited identifiers such as Social Security or driver's license numbers. A related Goodrum v. Veradigm lawsuit has reached a settlement likely to be approved. A source identified the unnamed client as Sunflower Medical Group, and Sunflower confirmed possible access on January 7, 2025 with a breach date on or around December 15, 2024.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]