By HFT Staff

Cerner, now part of Oracle Health, a third-party electronic health record (EHR) vendor used by many healthcare providers nationwide recently notified Atrium Health that certain of its patient information was impacted in a security incident that occurred on Cerner's systems. 

While Atrium no longer utilizes Cerner as a primary EHR provider, certain sites within its system historically used Cerner systems. As part of Atrium’s transition to other EHR vendors, Cerner has assisted in migrating patient records from legacy Cerner systems and remains responsible for storing and protecting personal and medical information of Atrium’s patients in carrying out such assistance. 

Cerner informed Atrium that the incident impacted certain information being maintained and migrated by Cerner relating to certain patients who received care from Atrium Health in the greater Charlotte area before Aug. 6, 2022, or from Atrium Health Navicent (formerly Navicent Health) before July 3, 2021. 

Based on information provided to Atrium by Cerner, Cerner became aware of a security incident in February 2025, in which an unauthorized third party gained access to certain legacy Cerner systems. Cerner contacted law enforcement, engaged cybersecurity specialists, began an investigation and initiated its critical incident response process, including taking steps to secure the impacted systems. Through this investigation, Cerner determined that the unauthorized actor had gained access to some Cerner systems at least as early as Jan. 22, 2025. 

Due to the complexity of the investigation and the nature of the data involved, Cerner only recently notified Atrium that some of its patients' information was likely impacted. Upon receiving such notice, Atrium promptly began investigating the incident to determine the scope of impact to its patients, concluding its review on March 12, 2026. 

For Atrium Health patients in the greater Charlotte area who received care before Aug. 6, 2022, or Atrium Health Navicent patients who received care before July 3, 2021, certain patient information may have been impacted: patient name, address, date of birth, medical record number, providers, diagnoses, medications, test results, images and other information included with patient medical records, including, in certain instances, Social Security numbers. 

To the best of Cerner's knowledge, this incident did not involve access to credit card information or bank account information. 

While Atrium Health's systems were not affected by this breach, it has taken steps to address the situation and prevent future occurrences. It promptly engaged its privacy and cybersecurity teams to investigate the incident and have worked closely with Cerner to determine the scope of the breach and identify potentially impacted patients. 

Cerner indicated it has taken remedial steps designed to prevent this kind of event from happening again, including, but not limited to, enhanced technical protections and increased monitoring. 

Importantly, Cerner reported that it is not aware of any evidence to suggest there has been identity theft or fraud related to Atrium Health patient data.