Lake Regional Health System Says Patient Information Uncompromised After Reported Security Breach
Patient information from the Lake Regional Health System is apparently uncompromised after reported data security incident.
A notice posted on Lake Regional’s website says a third-party electronic health record vendor identified as Cerner Corporation became aware of a security event in late February. The information revealed that an unauthorized third party gained access to protected health information on legacy Cerner systems.
The Cerner Corporation also reported contacting law enforcement but being directed to delay notifications to allow for an investigation.
Lake Regional says it wasn’t made aware of the breach until late October and, as of the current time, there is no information to indicate there was any compromise of patient information maintained by Lake Regional or Lake Regional’s I-T systems.
Several reports of receiving notice in the mail about the breach have been reported on social media.
Those with questions or are unsure if they have been affected can call 833-918-0882 toll-free Monday through Friday, 8a-8p central time and are being instructed to use reference number B156058.
COPY OF LAKE REGIONAL HEALTH SYSTEM’S ONLINE NOTICE REPORTING THE BREACH
Lake Regional Notified of Cerner Data Security Incident
Lake Regional Health System has been notified by Cerner Corporation, a third-party electronic health record vendor, that a data security incident occurred involving Cerner’s systems. Cerner informed Lake Regional that some patient information from LRHS may have been involved in this incident.
This incident did not involve nor compromise any patient information maintained by Lake Regional Health System or Lake Regional’s current IT systems, and it did not cause any disruption to Lake Regional clinical operations.
When Lake Regional learned of this incident in late October 2025, we immediately began working to understand the scope of the event, including verifying patient records. Here’s what we know.
In late February 2025, Cerner became aware of a security event in which an unauthorized third party gained access to protected health information on legacy Cerner systems. The compromise was limited to these legacy Cerner systems.
Cerner began an investigation, engaged external cybersecurity specialists and contacted law enforcement. Law enforcement directed Cerner and its customers to delay notification to impacted individuals to allow for investigation. Law enforcement is now allowing notification to proceed.
At this time, there is no evidence that any information specific to LRHS patients has been misused. However, the data potentially affected could include limited personal health information such as names, dates of birth, medical record numbers, social security numbers and other information used to provide care. No financial account information has been confirmed as impacted.
Those potentially impacted will receive an individual notification letter. Individuals who have questions or are unsure if they are affected may call 833-918-0882, toll-free, Monday through Friday, 8 a.m. to 8 p.m. CST, excluding major holidays. Please reference engagement number B156058.
To help protect potentially affected patients, identity protection services will be offered through Experian, as well as 3-bureau credit monitoring for two years to individuals who wish to enroll. As an additional precaution, internet surveillance services will be available.
Patients are encouraged to regularly monitor credit reports, account statements and benefit statements and to report inaccuracies immediately.
Reporter Mike Anthony
