Cyber Incident Victim: Seeley Medical

Date: Aug 2020

Location: United States of America

Summary

A ransomware attack compromised Seeley Medical, an Ohio-based home medical equipment provider, resulting in unauthorized access to sensitive patient data. The breach occurred over several days in late August to early September when malware blocked system access and allowed exfiltration of files containing names, addresses, phone numbers, medical record numbers, Social Security numbers, and prescription details affecting 16,196 individuals. The company initiated an investigation upon detection, offered affected parties credit monitoring services, and began reviewing its data security protocols. While the specific malware variant remained unconfirmed, the incident reflected broader targeting of healthcare entities during this period.

Description

On September 7, 2020, Seeley Enterprises Company, operating as Seeley Medical in Ohio, detected suspicious activity on its network. The home medical equipment provider promptly initiated an investigation, which confirmed that malware had infected its systems, preventing access to certain files. Forensic analysis determined that an unauthorized actor had infiltrated the network between August 31 and September 7, 2020, introducing malware while accessing and acquiring specific files. The compromised data included patient names, addresses, phone numbers, medical record numbers, Social Security numbers, and prescription information. Seeley Medical reported the breach to the U.S. Department of Health and Human Services on November 6, 2020, disclosing that 16,196 patients were affected. The company engaged external legal counsel to manage breach notifications and response efforts.

Seeley Medical offered affected individuals 12 months of complimentary credit monitoring services following the incident. The organization also committed to reviewing its policies, procedures, and processes related to personal information storage and access controls. Neither Seeley Medical nor its external counsel responded to inquiries about the specific malware variant involved or whether the company received or paid any ransom demands prior to the article’s publication date of November 19, 2020. The breach timeline indicates a one-week period of unauthorized access before detection, with no public confirmation of data recovery or system restoration outcomes. The incident exposed sensitive patient identifiers and medical details, creating potential risks of identity theft and medical fraud for impacted individuals.
