World Trade Center Health Program data compromised via Managed Care Advisors/Sedgwick Government Solutions vendor breach
The World Trade Center (WTC) Health Program reported a data security incident affecting 1,071 individuals. Highly sensitive data was compromised at a vendor, Managed Care Advisors/Sedgwick Government Solutions, where hackers accessed a server and exfiltrated data before encrypting files. The TridentLocker ransomware group claimed responsibility.
Signal context
First seen: May 22, 2026
Last updated: Jun 24, 2026
Status: Public signal
Key points
- Data breach at vendor Managed Care Advisors/Sedgwick Government Solutions.
- 1,071 WTC Health Program individuals affected.
- Highly sensitive data compromised, including SSNs and PHI.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Health Care and Social Assistance
Likely country: Location not provided
The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.
- Source type: outside the affected organization
- Source type: supplier or third-party involvement
Impact area: Availability
Likely asset: Server or cloud data store
- 13 signals in the same sector
- 9 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
May 2026 Data Breach Round Up: Data Breaches Affect 9 HIPAA-regulated Entitieshttps://www.hipaajournal.com/may-2026-data-breach-round-up/Public source from hipaajournal.com.
TridentLocker Ransomware Exposes WTC Health Program Data Breach - Kiteworkshttps://www.kiteworks.com/secure-file-transfer/sedgwick-tridentlocker-sftp-breach-wtc-health-program-phi-pii/Public source from kiteworks.com.
WTC Health Program Site Hacked - The Broadsheethttps://www.ebroadsheet.com/first-do-no-harm/Public source from ebroadsheet.com.
Related signals
Grouped by why the signal is relevant.
Tampa Bay Dental Implants & Prosthetics discloses ransomware attack and data exposure
Tampa Bay Dental discovered unauthorized access to its network on January 19, 2026, when ransomware was used to encrypt files on a legacy server containing a backup of electronic medical records. Patient data, including names, contact information, birth dates, treatment notes, clinical histories, and for some, Social Security numbers, was exposed.
University of Mississippi Medical Center Hit by Ransomware Attack
In February 2026, the University of Mississippi Medical Center (UMMC) experienced a ransomware attack that forced the closure of most of its clinics and the cancellation of elective procedures. The attack impacted its IT network and many systems, including its Epic electronic medical record system. UMMC confirmed contact with the attackers, but the name of the group was not disclosed initially, though later reports attributed it to Medusa ransomware.
Ultrahuman Data Breach Exposes Customer Wellness Data
Wearable health-tech startup Ultrahuman confirmed a data breach where hackers accessed customer wellness data through credentials stolen from an employee's malware-infected laptop. Approximately 0.1% of its user base was affected.
Stryker Hit by Wiper Malware Cyberattack
In March 2026, medical technology company Stryker experienced a large cyberattack linked to an Iran-aligned hacktivist group. Employees reportedly watched as company computers were wiped in real time, forcing offices to shut down. The Handala group claimed to have stolen 50 terabytes (TB) of data before wiping tens of thousands of systems and servers across the company's network.
Beacon Mutual Insurance Co. Ransomware Attack Compromises 131,000 Rhode Islanders' Data
Beacon Mutual Insurance Co., Rhode Island's largest workers' compensation insurer, disclosed that highly sensitive personal information belonging to over 131,000 Rhode Islanders was compromised in a ransomware attack earlier in the year. An unauthorized person gained access to the company's system between January 7th and January 14th, accessing files containing names, Social Security numbers, driver's license numbers, financial account numbers, health insurance information, and/or medical treatment details.
Fluke Corporation data breach impacts over 18,000, Clop claims responsibility
Fluke Corporation notified over 18,000 people of a data breach that occurred between August 10 and October 7, 2025. The breach, resulting from an exploited vulnerability in a third-party application, compromised highly sensitive personal information including SSNs, birth dates, and disability status. The Clop ransomware group claimed responsibility.