A Kansas healthcare provider with multiple urgent care facilities said a cyberattack in December exposed sensitive information from hundreds of thousands of people. 

Sunflower Medical Group said nearly 221,000 of its patients had information accessed by hackers who broke into their systems on December 15. The company notified regulators in Maine, Vermont and California and posted a notice on its website. 

Those affected potentially had their names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical information, and health insurance information leaked. 

The company said it initially discovered the breach on January 7 and hired a cybersecurity firm to investigate before it was discovered the hackers had been inside their systems since mid-December. The hackers made copies of Sunflower’s files.

Sunflower said it sent letters to all victims that it had valid addresses for and offered one year of credit monitoring services. 

The company did not say whether it was dealing with a ransomware attack and they have not reported any operational issues since December.

Sunflower operates four urgent care locations and multiple facilities that cover primary care, obstetrics and lab tests. 

The Rhysida ransomware gang took credit for the attack in January, threatening to leak the stolen data if a ransom of about $800,000 was not paid.

The group has repeatedly targeted healthcare facilities and nonprofits including Prospect Medical and Lurie Children’s Hospital in Chicago.