Union Health Data Breach Affects 262,831 Patients

On April 21, 2025, Union Health System, Inc. disclosed a data breach affecting 262,831 individuals in the United States. The incident originated not from Union Health’s own systems, but from a third-party vendor, Oracle Health/Cerner, which provides data migration services for the healthcare network.

According to Union Health, an unknown party contacted them in February 2025 claiming to possess patient information. After verifying the claim, Union Health traced the data to Oracle Health/Cerner and immediately initiated an investigation with cybersecurity specialists and law enforcement.

Oracle Health/Cerner later confirmed that unauthorized access had occurred in their data migration environment. Their investigation determined that the initial unauthorized access took place sometime after January 22, 2025, and they first became aware of the incident on February 20, 2025. Union Health was informed of the breach specifics on March 15, 2025, and received a list of affected patients on March 22, 2025.

The breach involved files containing a range of sensitive information. For some patients, this included personally identifiable information (PII) such as names, Social Security numbers, driver’s license numbers, and dates of birth.

Additionally, protected health information (PHI) was exposed, including treating physicians, dates of service, medication information, insurance details, and treatment or diagnostic information. It is important to note that Union Health’s own electronic health records (EHR) and internal systems were not compromised; the breach was limited to Oracle Health/Cerner’s data migration environment.

Further details about the breach and its scope can be found in the official disclosure on the U.S. Department of Health and Human Services’ breach portal.

Union Health System's response

Union Health responded swiftly upon learning of the breach. The organization launched an internal investigation, collaborated with cybersecurity experts, and notified law enforcement. On April 21, 2025, Union Health mailed notification letters to affected patients, outlining the nature of the incident and the types of information involved.

Recognizing the seriousness of the breach, Union Health is offering complimentary identity monitoring services to those affected. Patients are encouraged to review statements from their healthcare providers and health insurers for any unauthorized charges or suspicious activity. If discrepancies are found, individuals should contact their healthcare entity or insurer immediately.

To further support affected individuals, Union Health has established a dedicated, toll-free call center at 1-888-562-7131, available Monday through Friday between 9:00 a.m. and 9:00 p.m. Eastern Time (excluding major U.S. holidays). More information and updates are available on the Union Health website.

Given that the breach was the result of unauthorized access to a third-party vendor’s environment, it is especially important for patients to remain vigilant. Monitoring financial and medical records, enrolling in the offered identity protection services, and staying informed through official channels are recommended steps to help mitigate potential risks.