Sedgebrook, a senior living and skilled nursing company based in Illinois, fell victim to a cyberattack in May 2025. Unauthorized actors accessed its internal network between May 4–5, 2025, potentially exfiltrating sensitive files. A forensic review confirmed the breach involved personally identifiable information (PII) and protected health information (PHI), including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account details, medical records, treatment data, and health insurance information. The company began notifying affected individuals in October 2025, offering free identity theft protection to those with exposed SSNs or driver’s licenses. The incident was also reported to the Massachusetts Attorney General’s office. The breach posed severe risks of identity theft, financial fraud, and medical privacy violations, particularly for vulnerable senior residents whose sensitive health and financial data was compromised.
Source: https://www.claimdepot.com/data-breach/sedgebrook-2025
TPRM report: https://www.rankiteo.com/company/sedgebrook
"id": "sed2902229102425",
"linkid": "sedgebrook",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'healthcare',
'location': 'Illinois, USA',
'name': 'Sedgebrook',
'type': 'senior living and skilled nursing company'}],
'customer_advisories': ['Review breach notices carefully.',
'Enroll in free identity theft protection if '
'eligible.',
'Vigilance against phishing and fraud.'],
'data_breach': {'data_exfiltration': 'likely (files obtained by unauthorized '
'actor)',
'personally_identifiable_information': ['names',
'addresses',
'dates of birth',
'Social Security '
'numbers',
'driver’s license '
'numbers',
'financial account '
'numbers',
'medical treatment '
'information',
'medical record '
'numbers',
'health insurance '
'policy information'],
'sensitivity_of_data': 'high (includes SSNs, medical records, '
'financial data)',
'type_of_data_compromised': ['PII', 'PHI']},
'date_detected': '2025-05-05',
'date_publicly_disclosed': '2025-10-23',
'description': 'Sedgebrook, a senior living and skilled nursing company based '
'in Illinois, experienced a cyberattack in May 2025. An '
'unauthorized actor accessed the Sedgebrook network from May '
'4, 2025, to May 5, 2025, potentially obtaining sensitive '
'files containing personally identifiable information (PII) '
'and protected health information (PHI). The breach was '
'disclosed to affected individuals and regulatory authorities '
'in October 2025.',
'impact': {'brand_reputation_impact': 'potential reputational damage due to '
'exposure of sensitive health and '
'personal data',
'data_compromised': ['PII', 'PHI'],
'identity_theft_risk': 'high (SSNs, driver’s license numbers, '
'financial account numbers exposed)',
'legal_liabilities': 'potential regulatory scrutiny (e.g., HIPAA '
'violations)',
'payment_information_risk': 'moderate (financial account numbers '
'exposed)',
'systems_affected': ['internal network']},
'initial_access_broker': {'high_value_targets': ['PII', 'PHI']},
'investigation_status': 'completed (review finalized Aug. 26, 2025)',
'post_incident_analysis': {'corrective_actions': ['securing systems',
'engaging cybersecurity '
'experts',
'offering identity theft '
'services']},
'recommendations': ['Sign up for free identity theft services offered by '
'Sedgebrook (for exposed SSNs/driver’s license holders).',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing attempts using exposed '
'information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'Sedgebrook Data Breach Notice (Mail Notification)'},
{'date_accessed': '2025-10-23',
'source': 'Massachusetts Attorney General Disclosure'},
{'source': 'Sedgebrook Website'}],
'regulatory_compliance': {'regulations_violated': ['potential HIPAA '
'violations'],
'regulatory_notifications': ['Massachusetts '
'Attorney General '
'(disclosed Oct. 23, '
'2025)']},
'response': {'communication_strategy': ['mail notifications to affected '
'individuals (Oct. 24, 2025)',
'disclosure to Massachusetts Attorney '
'General (Oct. 23, 2025)',
'toll-free inquiry line '
'(855-720-2871)'],
'containment_measures': ['securing systems'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': ['cybersecurity experts']},
'stakeholder_advisories': ['toll-free inquiry line: 855-720-2871 (Mon–Fri, 8 '
'a.m.–8 p.m. CT)'],
'threat_actor': 'unauthorized actor',
'title': 'Sedgebrook Senior Living and Skilled Nursing Cyberattack and Data '
'Breach',
'type': ['cyberattack', 'data breach']}