Veradigm Breach Claims vs. Dark Web Reality – Data Disclosure Under Scrutiny
Veradigm's breach disclosure is falling apart under scrutiny. The healthcare IT company claimed an unauthorized party accessed client data on December 15, 2024 using credentials stolen from an unnamed client, and that the data had been held in a Veradigm storage account. Veradigm filed breach notices in September 2025 after, by its own account, learning of the incident on July 1; patients had already filed a class-action lawsuit on June 25.

What's fascinating: when someone tipped off DataBreaches.net that the unnamed client was Sunflower Medical Group, investigators found Veradigm client data mixed into Rhysida's Sunflower leak: 7.6 TB comprising 5.3 million files, including 400K+ driver's licenses, insurance cards, and SSNs.

Here's where the narrative breaks down. DataBreaches found data from 14+ different Veradigm clients (Urology Associates of Mobile, Cabarrus Eye Center, Family Medical Group of Texarkana, Peachtree Neurological, Virginia ENT, and more) scattered throughout the Sunflower tranche, in folders that appear to be named for Veradigm employees: "ChrisM," "Saranam," "Sudarsan," "Anila." That folder structure suggests the client data sat on Sunflower's server, not in Veradigm's centralized storage as claimed. More suspicious still, the client data was in plain text with no access control, which contradicts Veradigm's account of stolen credentials being used to reach a protected storage account.

Veradigm ignored five inquiries from DataBreaches asking for clarification. Neither Veradigm nor Sunflower informed patients that their data had been leaked on the dark web. Sunflower reported 220,698 impacted patients to HHS; Veradigm's settlement documents suggest 2 million affected.
CORTEX Protocol Intelligence Assessment
Business Impact: Contradictory breach narratives between vendor and client create regulatory exposure and erode stakeholder trust when dark web evidence conflicts with official disclosures.
Defensive Priority: Independent breach forensics with chain-of-custody validation, transparent disclosure aligned to evidence, and dark web monitoring integrated into incident response.
Industry Implications: Healthcare breach disclosure quality remains inconsistent, with potential regulatory scrutiny when leak site evidence contradicts official statements.
Strategic Intelligence Guidance
- Establish independent third-party breach verification with forensic chain-of-custody protocols
- Coordinate legal, communications, and compliance teams for factually consistent breach disclosures
- Integrate dark web monitoring into incident response workflows with indicator validation
- Implement data segregation and access controls for multi-tenant healthcare platforms
- Conduct post-breach audits comparing internal findings against external leak site evidence
- Notify affected parties of dark web exposure status, not just technical breach occurrence
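The post-breach audit and leak-site comparison above comes down to one concrete check: take the file listing a ransomware group publishes, attribute each path to a tenant, and see whose data sits under whose folders. If a tranche attributed to one client contains other clients' data, grouped under folders that look like vendor staff names, the vendor's "it was only in our protected storage account" story has to explain that. The following Python is an added example written for this page, not code from DataBreaches.net, Veradigm or Sunflower. The manifest paths, the employee-style folder names and the alias table are constructed for illustration and modelled on the pattern the article describes; they are not the real Rhysida listing.

```python
import re
from collections import defaultdict

# Constructed sample manifest for this example (an assumption, not the real
# leak listing). Top-level folders mimic the "employee name" pattern above.
SAMPLE_MANIFEST = [
    "Sunflower/Billing/2024/claims_q3.csv",
    "Sunflower/Scans/patient_ids/dl_0001.jpg",
    "ChrisM/Urology Associates of Mobile/demographics.xlsx",
    "ChrisM/Cabarrus Eye Center/insurance_cards/card_17.pdf",
    "ChrisM/scratch/todo.txt",
    "Saranam/Family Medical Group of Texarkana/export_2024-11.csv",
    "Sudarsan/Peachtree Neurological/ssn_list.txt",
    "Anila/Virginia ENT/demographics.csv",
    "Anila/Sunflower/notes.docx",
]

# Canonical tenant name -> aliases that may appear as a path component.
# The tenant list would normally come from the vendor's own customer inventory.
TENANTS = {
    "Sunflower Medical Group": ["Sunflower"],
    "Urology Associates of Mobile": [],
    "Cabarrus Eye Center": [],
    "Family Medical Group of Texarkana": [],
    "Peachtree Neurological": [],
    "Virginia ENT": [],
}

UNATTRIBUTED = "(unattributed)"

# Filename fragments that usually point at identity documents or identifiers.
SENSITIVE_RE = re.compile(r"(ssn|social|insurance|licen[cs]e|driver|\bdl_)", re.I)


def normalize(text):
    """Lower-case and strip punctuation/whitespace so 'Virginia ENT' == 'virginia_ent'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def tenant_for_path(path, tenants=TENANTS):
    """Return the canonical tenant whose name (or alias) appears as a path component."""
    parts = [normalize(p) for p in path.split("/")]
    for canonical, aliases in tenants.items():
        names = {normalize(canonical)} | {normalize(a) for a in aliases}
        if any(p in names for p in parts):
            return canonical
    return UNATTRIBUTED


def inventory(manifest, tenants=TENANTS):
    """Map top-level folder -> {tenant -> file count}."""
    inv = defaultdict(lambda: defaultdict(int))
    for path in manifest:
        top = path.split("/", 1)[0]
        inv[top][tenant_for_path(path, tenants)] += 1
    return {folder: dict(counts) for folder, counts in inv.items()}


def foreign_tenants(inv, victim):
    """Tenants other than the leak's named victim, with the folders their files sit under.

    A non-empty result means the tranche holds third-party data, and the
    folder names tell you who was holding it."""
    found = defaultdict(set)
    for folder, counts in inv.items():
        for tenant in counts:
            if tenant not in (victim, UNATTRIBUTED):
                found[tenant].add(folder)
    return {t: sorted(f) for t, f in sorted(found.items())}


def sensitive_paths(manifest):
    """Paths whose names suggest identity documents or SSNs (a triage hint, not proof)."""
    return [p for p in manifest if SENSITIVE_RE.search(p)]


if __name__ == "__main__":
    inv = inventory(SAMPLE_MANIFEST)
    for folder, counts in sorted(inv.items()):
        print(folder, counts)
    print("third-party tenants:", foreign_tenants(inv, "Sunflower Medical Group"))
    print("likely identity documents:", sensitive_paths(SAMPLE_MANIFEST))
```

Run against a real manifest, the output of foreign_tenants is the list to hand to legal and compliance: every tenant named there needs its own notification, and the folder names are the evidence to put to the vendor when its disclosure says the data lived somewhere else. The filename heuristic only narrows where to look; confirming plaintext SSNs or licence images still means pulling and inspecting the files under chain of custody.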
Impact
Data Volume: 7.6 TB (5.3 million files)
Affected Patients: Up to 2 million per Veradigm's settlement documents (Sunflower reported 220,698 to HHS)
Intelligence Source: Veradigm's Breach Claims Under Scrutiny After Dark Web Leak | Nov 2, 2025