Two healthcare facilities, Sedgebrook in Illinois and Heartland Health Center in Nebraska, recently disclosed ransomware attacks that compromised sensitive data, highlighting ongoing cybersecurity challenges in the healthcare sector.
Sedgebrook
Sedgebrook, a retirement village and skilled nursing facility located in Lincolnshire, Illinois, reported that its network was breached in a ransomware attack earlier this year. The incident was detected on 5 May 2025, when network disruptions were observed. With the assistance of third-party digital forensics experts, Sedgebrook determined that an unauthorised ransomware group had accessed its network from 4 May to 5 May 2025 and encrypted files during that time. It is also believed that data may have been exfiltrated.
Following a review of the exposed files, it was confirmed on 26 August 2025 that some files contained personal and protected health information. The compromised data included names, addresses, birth dates, Social Security numbers, driver’s licence numbers, financial account details, medical treatment records, medical record numbers, and health insurance information. Sedgebrook began mailing notification letters to affected individuals on 24 October 2025.
Although no evidence of misuse of the exposed data has been identified, the company has offered complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers or driver’s licence numbers were compromised. Sedgebrook has also implemented measures to bolster its security in an effort to prevent future incidents.
The breach does not currently appear on the HHS’ Office for Civil Rights data breach portal, and it remains unclear how many individuals have been impacted.
Read the source
