Oracle Health Data Breach Affects 13,633 Patients

On March 7, 2025, Cerner Corporation, now operating as Oracle Health, discovered that a cybercriminal had gained access to sensitive patient data stored on legacy Cerner systems. Cerner/Oracle Health is an electronic health record (EHR) vendor for thousands of hospitals and medical facilities across the United States.

The data breach occurred over a several day period, was traced back to at least Jan. 22, 2025, and affected multiple hospitals and medical practices in several states. The cybersecurity incident was disclosed to the U.S. Department of Health and Human Services on June 17, 2025.

The data breach compromised personally identifiable information (PII) and protected health information (PHI). Exposed patient information includes names, Social Security numbers, addresses, dates of birth medical record numbers, details of care and treatment, diagnoses, doctors, images, medicines and test results.

Oracle Health has not released the total number of patients impacted by the breach. Affected individuals include 4,082 in Texas, 6,562 in Massachusetts, 2,989 in South Carolina and 802 in Washington. Cerner/Oracle Health notified the California, Massachusetts, South Carolina, Texas and Washington Attorney Generals' offices beginning on July 25, 2025.

Cerner Corporation's response

Cerner and affected medical facilities have begun notifying affected patients by mail. Cerner is offering 24 months of free Experian IdentityWorks Credit Plus 3B. This service includes credit monitoring, dark web surveillance, identity restoration and up to $1 million in identity theft insurance.

If you receive a data breach notice from Cerner, Oracle Health or a medical facility you received treatment at, you may want to:

• Sign up for the free Experian IdentityWorks Credit Plus 3B, offered by Cerner.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

More information about Cerner Corporation, now Oracle Health, can be found on the Oracle Health website.