Notice of Cerner Data Privacy Incident
Published on December 12, 2025
On December 12, 2025, Cerner mailed letters on our behalf to certain Lakes Region General Hospital’s (“LRGH”) patients whose personal information may have been involved in the Cerner data incident. Cerner is LRGH’s electronic health record (“EHR”) software vendor.
On August 14, 2025, Cerner informed us that an unauthorized third party gained access to legacy Cerner systems as early as January 22, 2025, and obtained certain data. Cerner informed us that, upon learning of the incident, it initiated its incident response process and took steps to secure the impacted systems. Cerner also began an investigation, engaged external cybersecurity specialists, and notified law enforcement.
On September 26, 2025, Cerner provided us with a list of patients whose information may have been involved in this incident. The information involved in this incident may have included patients’ names, Social Security numbers, and information included within patients’ medical records, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment.
We began investigating the incident in coordination with Cerner as soon as we learned of it. The security incident occurred at Cerner’s IT systems. This incident did not involve a compromise of any of Concord Hospital-Laconia’s IT systems, and did not cause any disruption to our clinical operations. The recent incident does not impact patients’ ability to receive clinical services from us. Concord Hospital-Laconia remains committed to upholding high standards of custodianship of patient information with our third-party vendors. Concord Hospital-Laconia is reviewing how Cerner secures and maintains information it receives on behalf of Concord Hospital-Laconia.
Although we are not aware of any information involved in this incident being used for fraud or identity theft, we, along with Cerner, are offering complimentary identity monitoring services to patients. Additionally, it is always a good idea for patients to review statements they receive related to their healthcare provider or health insurer. If they identify charges for services they did not receive, they should contact the healthcare entity or health insurer immediately.
Cerner has also established a dedicated, toll-free call center to help answer questions about the data incident. The call center can be reached at (833) 918-5951 toll-free Monday through Friday from 8 am – 8 pm Central (excluding major U.S. holidays).
