Cyber Incident Victim: Sapphire Community Health
Date: Feb 2021
Location: United States of America
Summary
A Montana medical group experienced a cybersecurity incident where unauthorized actors encrypted patient files, locking the organization out of systems containing sensitive information including Social Security numbers, bank account details, and names. Medical records remained unaffected during the breach. The provider immediately isolated its information systems to contain the attack and initiated recovery processes involving scanning and restoration efforts. The organization continues to assess and enhance its security measures to mitigate future risks.
Description
On February 18, 2021, Sapphire Community Health, a medical group based in Hamilton, Montana, experienced a cybersecurity incident involving unauthorized encryption of its systems. An unidentified threat actor deployed encryption code that locked the organization out of patient files containing sensitive personal information, including Social Security numbers, bank account details, and patient names. The attackers issued a ransom demand in connection with this encryption event, though specific ransom terms were not disclosed in public notifications. Medical treatment records remained unaffected by the breach according to the organization’s statements. Sapphire detected the intrusion on the same date as the initial encryption activity, prompting immediate operational disruptions to contain the incident.

Upon discovering the breach, Sapphire initiated containment protocols by shutting down its compromised information systems to prevent the attack from spreading further. The organization subsequently launched a scanning and file restoration process to recover encrypted data. While restoration timelines were not specified, Sapphire confirmed the implementation of additional security safeguards following forensic analysis of the incident. A breach notification letter was issued to affected individuals, acknowledging the exposure of financial identifiers and personally identifiable information but affirming medical record integrity. No further details regarding attacker attribution, data recovery methods, or ransom payment status were disclosed in available public reporting. Following the containment effort, the organization stated that it would continue evaluating security enhancements to strengthen its defenses against future incidents.
