Notice of Oracle Health/Cerner Security Incident

Notice of Oracle Health/Cerner Security Incident

Oracle Health, formerly Cerner Corporation, is a third-party electronic health records (EHR) vendor previously used at Methodist Le Bonheur Healthcare (“MLH”). In April, Oracle Health informed us that an unauthorized third party gained access to older Cerner systems as early as January 22, 2025, and obtained certain data. MLH is one of many health care providers whose information was affected by this Oracle Health/Cerner incident. Upon learning of the incident, Oracle Health began an investigation, engaged external cybersecurity specialists, and engaged with federal law enforcement, who asked that affected organizations delay patient notifications while they conducted their investigation. On October 7, 2025, Oracle Health provided us with a list of MLH patients whose information may have been involved in its incident. The information involved varied by patient but may include names, Social Security numbers, and information included within patient medical records, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment.

 

This incident did not involve nor compromise any patient information maintained by MLH or our current IT systems and did not cause any disruption to our clinical operations.

  • Letters are being mailed to patients whose information was involved in this incident, including an offer of a complimentary two-year membership to credit monitoring and identity protection services. Patients are also encouraged to review statements they receive from their healthcare providers and health insurer and immediately report any inaccuracies to the provider or insurer. Individuals who have questions about the event may contact [TFN: 833-918-1125] toll free, Monday through Friday from 9am – 9pm Eastern Time (excluding major U.S. holidays) and provide engagement number [B155675].

 

We regret any concern that Oracle Health’s incident may cause our patients and continue to review and assess the cybersecurity protections of our third-party vendors.