A major data breach has impacted around 1.2 million patients of outpatient radiology and medical-imaging provider SimonMed Imaging after cybercriminals accessed the company’s networks and exfiltrated patient identities, financial records and medical scans.
What happened
According to ClaimDepot, on 4 to 5 May 2025, the senior-living community operator Sedgebrook OpCo SL VII LLC (Illinois) detected suspicious activity within its computer network. A subsequent internal investigation confirmed that between those dates an unauthorized party had accessed the network, encrypted certain files, and “possibly acquired” stored data.
By 26 August 2025, Sedgebrook had completed a review of the impacted systems to identify affected individuals and began sending notification letters on 24 October 2025.
The breach was disclosed to the Massachusetts Attorney General on 23 October 2025.
Going deeper
The exposed information is especially sensitive: those impacted may have had their full name, address, date of birth, Social Security number, driver’s licence number, medical treatment information, medical record number, health‐insurance policy number, and financial account number accessed.
Sedgebrook’s published incident notice confirms that the breach involved “protected health information” and personally identifiable data.
While the review is complete for identifying affected individuals and letters are going out, the total number of impacted persons has not been publicly disclosed; however, Claim Depot lists three Massachusetts residents whose data were included.
Sedgebrook also stated that it engaged forensic cybersecurity experts, notified law enforcement, secured its systems, and is offering identity-theft protection services (for those whose Social Security number or driver’s license number was exposed).
What was said
In its notice, Sedgebrook stated, “We have no evidence that the information involved in this incident has been misused for the purpose of committing fraud or identity theft.”
The breach notice also states that “Upon discovering the incident, we promptly began an internal investigation, worked to secure our systems, and notified law enforcement. We also engaged a forensic security firm to assist with our investigation and ensure the security of our computer network. The forensic investigation determined that an unauthorized third party accessed our computer network from May 4, 2025, until May 5, 2025, and encrypted certain Sedgebrook files. The investigation also determined that the
third party may have acquired certain Sedgebrook files during the incident.”
Why it matters
As of 3 October 2025, there were 364 hacking incidents reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights, affecting over 33 million individuals. This statistic shows how hacking and IT-related breaches now dominate the healthcare threat landscape. Most of these attacks involved unauthorized access to network servers, often through compromised credentials, phishing, or vulnerabilities in third-party systems.
While the number of affected individuals remains unknown, the Sedgebrook breach demonstrates the broader cybersecurity risks facing healthcare and senior‐living providers.
Because protected health information (PHI) was exposed, Sedgebrook may face regulatory scrutiny under HIPAA and state privacy laws, along with possible legal action from affected individuals. Beyond compliance, the incident shows how breaches can erode resident trust, an essential component of quality care.
See also: HIPAA Compliant Email: The Definitive Guide (2025 Update)
FAQS
What does this mean for Sedgebrook residents and their families?
While the investigation continues, residents and families should remain vigilant. Even if data misuse hasn’t been confirmed, the exposure of personal and medical information can lead to long-term risks.
How can individuals protect themselves?
Those affected should monitor their financial and medical accounts, review explanation-of-benefits statements, and consider placing a fraud alert or credit freeze with major credit bureaus.
Tshedimoso Makhene
.jpg)