Aultman Health System Data Breach Exposes Sensitive Personal & Health Information Including Social Security Numbers

The Ohio-based nonprofit, Aultman Health System, has disclosed a data breach involving its third-party electronic health record (EHR) vendor, Cerner. According to the Substitute Notice Letter for Consumers, an unauthorized third party gained access to and obtained data from legacy Cerner systems.

The breach was first detected as having occurred as early as Jan. 22, 2025. Law enforcement directed Cerner to delay notification to affected hospitals and patients to avoid impeding their investigation.

The exposed data includes both personally identifiable information (PII) and protected health information (PHI) including names, Social Security numbers, medical record numbers, treating doctors, diagnoses, medications, test results, medical images, and details about care and treatment.

The breach impacts patients whose records were stored on legacy Cerner systems used by Aultman Hospital, Aultman Alliance Community Hospital and Aultman Orrville Hospital.

Aultman Health System's response

To support those affected, Cerner is offering two years of complimentary identity protection and three-bureau credit monitoring services through Experian. These services include identity protection, credit monitoring and Internet Surveillance. Impacted individuals have been notified directly by letter, which contains an engagement number and contact information for further assistance. Anyone who believes they may have been affected but did not receive a letter can call 833-918-1127 and use engagement number B156918 for support.

Given the nature of the breach, affected individuals are strongly encouraged to:

• Review statements from health care providers, insurance companies and financial institutions for any unusual activity
• Obtain free annual credit reports from the three major credit bureaus
• Consider placing a fraud alert or a security freeze on their credit files
• Contact the Federal Trade Commission or their state attorney general for additional guidance on identity theft protection

More information about steps to take and contact details for credit bureaus and consumer protection agencies are included in the official notice to consumers, which is available in PDF format at the bottom of this page.