Healthcare Compliance Training and Certification

HIPAA News

PHI Exposed in Sedgwick Government Solutions Data Breach Exposing

by | Feb 22, 2026

Sedgwick Government Solutions confirmed that an unauthorized party accessed an isolated file transfer system and that a ransomware group publicly claimed theft of data, triggering incident response actions.

Incident Confirmation

Sedgwick Government Solutions (SGS) acknowledged unauthorized access to an isolated file transfer system. SGS initiated incident response procedures upon detection of the unauthorized access and engaged cybersecurity experts to investigate. According to the investigation, SGS’s core operational systems and claims management servers were not affected by the unauthorized access.

Claims by Ransomware Group

On December 31, 2025, the TridentLocker ransomware group publicly listed SGS as a victim on its dark web leak site. It posted  around 3.39 gigabytes of stolen data on its site. TridentLocker employs tactics that combine data exfiltration with threats of data exposure following encryption.

Managed Care Advisors and SFTP Server Incident

Managed Care Advisors and Sedgwick Government Solutions reported that unauthorized access occurred after a third party exploited a vulnerability in a corporate SFTP server. The server stored personal information and protected health information (PHI). Access to the server started on November 16, 2025. SGS detected the attack on December 4, 2025, after which activated incident response procedures and disabled connections to the SFTP server. SGS restored the encrypted data from backups the following day.

Data Elements Involved

On January 15, 2026, Sedgwick’s investigation confirmed that the compromised server contained first and last names, addresses, Social Security numbers, dates of birth, and PHI. The types of data varied among affected individuals.

Mitigation and Protective Measures

A cybersecurity firm assisted with the investigation and forensic analysis after the incident was confirmed. The organization stated that it had implemented cybersecurity measures prior to the incident and took additional steps to enhance privacy protections following the unauthorized access.

Notification to Affected Individuals

In compliance with HIPAA breach notification laws, notifications sent to affected individuals included offers of complimentary credit monitoring and identity theft protection services, with identity theft insurance included in the offered services. Information on the total number of individuals affected was not available at the time of reporting.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy