What to Do After the Oracle Health Data Breach

In early 2025, Oracle Health — formerly known as Cerner, one of the largest electronic health records (EHR) providers in the United States — suffered a significant data breach that compromised patient records at dozens of hospitals and healthcare systems. The breach exposed sensitive medical data including patient names, diagnoses, medications, test results, and in some cases, Social Security numbers. If you received care at an affected hospital, here is what you need to do to protect yourself.

What Happened

An unknown threat actor used stolen credentials to access legacy Oracle Health servers — systems that had not yet been migrated to Oracle Cloud after Oracle's acquisition of Cerner in 2022. The unauthorized access occurred on or around January 22, 2025, and was discovered by Oracle on approximately February 20, 2025.

The breach affected legacy Cerner servers that stored electronic health records for multiple hospital systems across the United States. Oracle notified affected healthcare organizations privately, though the company faced criticism for initially downplaying the severity of the incident in public statements.

What Data Was Exposed

The potentially compromised information varies by healthcare system but may include:

• Patient names and contact information including addresses
• Dates of birth
• Medical record numbers
• Provider names and treating physician information
• Diagnoses and conditions
• Medications and prescriptions
• Test results and lab work
• Medical images
• Social Security numbers in some cases
• Health insurance information

Which Healthcare Systems Were Affected

The full scope of affected organizations continues to emerge. Confirmed affected systems include:

• AdventHealth — a 50+ hospital system and the largest confirmed affected organization
• Atrium Health — a major healthcare system serving patients in the Southeast
• Multiple additional hospital systems — estimates suggest up to 80 or more hospitals may have been affected

If you received care at a hospital that uses Oracle Health (formerly Cerner) as its EHR system, you should assume your data may be at risk and take protective action.

Steps to Protect Yourself

Step 1: Confirm If You Are Affected

• Check your mail for breach notification letters from your healthcare provider or Oracle Health
• Call your healthcare provider's privacy office to ask if they were affected by the Oracle Health breach
• Monitor the HHS Office for Civil Rights breach portal at ocrportal.hhs.gov/ocr/breach/breach_report.jsf for updated filings

Step 2: Freeze Your Credit

Place a credit freeze at all three major credit bureaus immediately. This prevents criminals from opening new accounts in your name:

• Equifax: equifax.com/personal/credit-report-services/credit-freeze/ or call (888) 298-0045
• Experian: experian.com/freeze or call (888) 397-3742
• TransUnion: transunion.com/credit-freeze or call (888) 909-8872

Step 3: Monitor Your Explanation of Benefits

Watch your health insurance Explanation of Benefits (EOB) statements closely for services you did not receive. Medical identity theft often shows up as:

• Bills for medical services or procedures you never had
• Insurance claims for medications you did not take
• Providers or facilities you have never visited
• Unexpected denials of insurance coverage due to reaching coverage limits

Step 4: Request Your Medical Records

Under HIPAA, you have the right to access your complete medical records. Request copies from all providers where you received care through Oracle Health/Cerner systems. Review them for any unfamiliar entries, treatments, or diagnoses that could indicate medical identity theft.

Step 5: Set Up Fraud Alerts

• Place a free fraud alert on your credit reports through any one of the three bureaus — they are required to notify the other two
• Consider an extended fraud alert if your Social Security number was exposed, which lasts 7 years
• Sign up for free credit monitoring if offered by Oracle or your healthcare provider

Step 6: Monitor the Dark Web

Stolen medical records frequently appear on dark web marketplaces. Dark web monitoring services can alert you if your personal or medical information appears in underground forums or data dumps.

Step 7: Document Everything

Keep a detailed record of all actions you take, including dates, confirmation numbers, and copies of correspondence. This documentation will be essential if you need to dispute fraudulent charges, file an identity theft report, or pursue legal action.

Watch for Scams Related to the Breach

After any major data breach, scammers exploit the situation by sending phishing emails, texts, and calls posing as Oracle, your hospital, or your insurance company. Be alert for:

• Emails asking you to "verify" personal information or click a link to check your breach status
• Phone calls claiming to be from your hospital's fraud department asking for your SSN or insurance details
• Fake credit monitoring offers that require your financial information

Legitimate breach notifications will come by postal mail and will never ask you to provide sensitive information via email or phone.

Long-Term Protection

The Oracle Health breach is a reminder that healthcare data is a high-value target for cybercriminals. Beyond the immediate steps above, ongoing monitoring is essential since stolen medical data can be exploited months or even years after a breach.

PrivacyOn provides continuous dark web monitoring that alerts you if your personal data — including information from medical data breaches — appears on underground marketplaces. Combined with data removal from 100+ data brokers that may be selling your personal information, PrivacyOn offers the kind of comprehensive, ongoing protection you need after a breach of this magnitude.