Oracle Health is notifying some Glens Falls Hospital patients of a data security incident. Oracle Health is an electronic health record vendor that works with hospitals and other healthcare providers. According to Oracle Health, sometime after January 22, 2025, an unauthorized third party gained access to the Cerner electronic medical record which contained protected health information for Glens Falls Hospital patients, along with patients at other hospitals across the country. 

As of November 2, 2024, Glens Falls Hospital no longer uses Oracle Health/Cerner as its electronic health record vendor.  

It is important to note that this incident occurred at Oracle Health. It did not involve Glens Falls Hospital’s computer systems or current electronic health records platform. Nevertheless, Glens Falls Hospital has been working with Oracle Health to coordinate notice to patients and is also working with Oracle Health to provide 24-months of complimentary credit monitoring and identity protection services to involved patients. The notification letter patients will receive contains information and actions individuals can take to protect against the misuse of their information.  

In response, Oracle Health stated that it initiated its incident response process and took steps to secure the impacted systems. Oracle Health also began an investigation, engaged external cybersecurity specialists, and engaged with federal law enforcement.  

On June 6, 2025, Oracle Health provided Glens Falls Hospital with a list of Glens Falls Hospital patients whose information may have been accessed. Oracle Health indicated that the files involved in the incident contained information that varied by patient but could have included patients’ names, Social Security numbers, and information included within patient medical records, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment.