Atrium Health has started sending out letters to Charlotte-area patients, warning that some medical records may have been exposed in a third-party data breach tied to Cerner's older systems. Cerner, now operating inside Oracle Health, discovered a security problem in February 2025 and later determined that an unauthorized actor had been inside certain systems as early as Jan. 22, 2025. Atrium is telling patients that the records most at risk are those created or stored before Aug. 6, 2022 for greater Charlotte patients, and before July 3, 2021 for some other locations.
What Atrium Told Patients
In an online notice, Atrium Health said Cerner alerted the system that information Cerner was storing or migrating for certain Charlotte-area patients "may have been impacted." The notice lists a wide range of data that could be involved, including patient names, addresses, dates of birth, medical record numbers, providers, diagnoses, medications, test results, images and other medical-record details. It also notes that Social Security numbers may have been included in some records. Atrium emphasized that its own systems were not part of the breach and that, to Cerner's knowledge, there has been no known identity theft or fraud linked to the incident so far, according to Atrium Health.
Vendor Timeline And Monitoring
Substitute notices posted by hospitals that use Cerner state that the vendor first became aware of suspicious activity in February 2025 and that the unauthorized actor had accessed certain legacy migration systems on or after Jan. 22, 2025. Those notices, including one from UMC Health System, say Cerner is offering two years of complimentary credit monitoring and identity restoration services through Experian IdentityWorks to people identified as potentially affected. The UMC notice also explains that law enforcement officials instructed Cerner to delay notifying some customers while the investigation was underway, according to UMC Health System.
Wider Fallout And Legal Risk
The breach has not been limited to Charlotte. Trade coverage shows that more than a dozen health systems have reported being caught up in Cerner's legacy-system incident. Becker's Hospital Review has been tracking hospital disclosures as they surface. On the legal front, a federal class-action complaint filed in May accuses Oracle Health, doing business as Cerner, of failing to adequately protect patient data and of delaying timely notification of the breach, according to the federal court filing.
What Patients Should Do
Atrium's letter tells patients who receive a notice to follow the enrollment instructions included in the mailing or to call Cerner's dedicated line at 833-918-8326 with questions about the complimentary monitoring offer. The letters walk patients through how to sign up for Experian IdentityWorks and outline basic steps for keeping an eye on medical bills and credit reports for anything that looks off. Local coverage by the Charlotte Observer reviewed Atrium's communication and noted that the system did not disclose how many patients might be affected.
Background
This is not Atrium's first brush with privacy trouble. Local and industry reporting detail a 2024 disclosure involving tracking technologies in its patient portal that affected hundreds of thousands of users, and a 2018 incident in which a breach at billing vendor AccuDoc exposed roughly 2.65 million records. Atrium is part of Advocate Health, a nationwide nonprofit that says it serves nearly 6 million patients across 69 hospitals and more than 1,000 care locations, according to WCCB and Advocate Health. Those earlier episodes underscore how a vendor breach at a major electronic health record company can quickly ripple across multiple health systems.
