316 North 3rd Street
Hamilton, MT 59840
Mon-Fri: 7:30 am – 5:30 pm
406-541-0032

210 S. 3rd Street
Hamilton, MT 59840
Mon-Fri: 7:30 am – 4:30 pm
406-541-0032

News

Sapphire Community Health Notified of Cerner Data Breach

Published: October 22, 2025

Download PDF

Hamilton, Montana – Sapphire Community Health, Inc. (SCH) has been notified by Cerner Corporation—its electronic health record vendor—that a data security incident occurred involving Cerner’s systems. Cerner informed SCH that some patient information from Sapphire Community Health may have been involved in this incident.

In late February, Cerner became aware of a security event in which an unauthorized third party gained access to protected health information on legacy Cerner systems. The compromise was limited to these legacy Cerner systems. The company immediately began an investigation, engaged external cybersecurity specialists, and contacted law enforcement. Law enforcement directed the company and its customers to delay notification to impacted individuals to allow for its investigation. Meanwhile, the company has confirmed through its own investigation that the unauthorized third party gained access to the legacy system at least as early as January 22, 2025 and copied data to an external location. Law enforcement is now allowing the notification to proceed.

At this time, there is no evidence that any information specific to SCH patients has been misused. However, the data potentially affected could include limited personal health information such as names, dates of birth, medical record numbers, social security numbers, and other information used in providing care. No financial account information has been confirmed as impacted.

Upon learning of the incident, SCH immediately began working closely with Cerner to understand the scope and impact of the event. Cerner has informed SCH that they have taken steps to contain and secure their systems, engaged cybersecurity experts, and notified federal authorities as required.

To help protect potentially impacted patients, the company is offering identity protection services through a vendor, Experian. It will also provide 3-bureau credit monitoring for two (2) years to individuals who wish to enroll. As an additional precaution, the Company will also provide monitoring services known as “Internet Surveillance.” Potentially impacted individuals will receive an individual notification letter containing an engagement number and contact information if they have any further questions.  If individuals are unsure if they are impacted, they can contact 855-591-0272 toll-free, Monday through Friday, 7 a.m. – 7 p.m., MTN (excluding major U.S. holidays).

Sapphire Community Health remains committed to protecting patient privacy and maintaining the security of all patient information. Out of an abundance of caution, SCH is issuing this public notice in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

Contact:
Patrick Peer, CEO, HIPAA Security Officer
Sapphire Community Health, Inc.
406-541-0032 | ppeer@sapphirechc.org