Notice of Cerner Data Security Incident

Atrium Health is committed to protecting the confidentiality and security of its patients' information. Cerner, now part of Oracle Health, a third-party electronic health record (EHR) vendor used by many health care providers nationwide recently notified us that certain of our patient information was impacted in a security incident that occurred on Cerner's systems. For clarity, this incident did not involve access to, nor was it a failure of, Atrium Health's systems.

While we no longer utilize Cerner as a primary EHR provider, certain sites within our system historically used Cerner systems. As part of our transition to other EHR vendors, Cerner has assisted in migrating patient records from legacy Cerner systems and remains responsible for storing and protecting personal and medical information of our patients in carrying out such assistance. Unfortunately, Cerner informed us that the incident impacted certain information being maintained and migrated by Cerner relating to certain patients who received care from Atrium Health in the greater Charlotte area before Aug. 6, 2022, or from Atrium Health Navicent (formerly Navicent Health) before July 3, 2021.

What happened?

Based on information provided to us by Cerner, Cerner became aware of a security incident in February 2025, in which an unauthorized third party gained access to certain legacy Cerner systems. Cerner contacted law enforcement, engaged cybersecurity specialists, began an investigation and initiated its critical incident response process, including taking steps to secure the impacted systems. Through this investigation, Cerner determined that the unauthorized actor had gained access to some Cerner systems at least as early as Jan. 22, 2025.

Due to the complexity of the investigation and the nature of the data involved, Cerner only recently notified us that some of our patients' information was likely impacted. Upon receiving such notice, we promptly began investigating the incident to determine the scope of impact to our patients, concluding our review on March 12, 2026.

What information was involved?

For Atrium Health patients in the greater Charlotte area who received care before Aug. 6, 2022, or Atrium Health Navicent patients who received care before July 3, 2021, certain patient information may have been impacted: patient name, address, date of birth, medical record number, providers, diagnoses, medications, test results, images and other information included with patient medical records, including, in certain instances, Social Security numbers.

To the best of Cerner's knowledge, this incident did not involve access to credit card information or bank account information.

What are we doing?

While Atrium Health's systems were not affected by this breach, we have taken steps to address the situation and prevent future occurrences. We promptly engaged our privacy and cybersecurity teams to investigate the incident and have worked closely with Cerner to determine the scope of the breach and identify potentially impacted patients.

Cerner indicated it has taken remedial steps designed to prevent this kind of event from happening again, including, but not limited to, enhanced technical protections and increased monitoring.

Importantly, Cerner reported that it is not aware of any evidence to suggest there has been identity theft or fraud related to Atrium Health patient data. However, as a precaution, we are notifying potentially impacted patients by this publication. Cerner is also mailing notification letters that offer complimentary two-year credit monitoring to our patients identified through Cerner's review for whom we have sufficient contact information.

What can you do?

We encourage all patients to routinely check their accounts and consider using publicly available security services to help protect their identities from fraud. Federal regulatory agencies recommend remaining vigilant for 12 to 24 months following a potential exposure of personal information. The notification letter includes guidance and additional information on general steps people can take to monitor and protect their personal information.

For more information

Cerner has established a dedicated, toll-free call center at 833-918-8326 to answer questions from those who were potentially impacted. The call center is available Monday through Friday from 9 a.m. to 9 p.m. eastern time, excluding major U.S. holidays. Callers will be asked for an engagement number, which is B163718.

We apologize for any concern or inconvenience this may have caused. We remain committed to protecting the confidentiality and security of our patients' information and to working closely with our vendors to ensure they uphold our high standards for privacy protection. We have and will continue to enhance our security and vendor controls, as appropriate, to minimize the risk of similar situations in the future.

Frequently Asked Questions

1. What happened?

   Cerner reported that it became aware of a security incident in February 2025 in which an unauthorized third party gained access to certain legacy Cerner systems. Cerner contacted law enforcement, engaged cybersecurity specialists, began an investigation and initiated its critical incident response process, including taking steps to secure the impacted systems. Through this investigation, Cerner determined that the unauthorized actor had gained access to some Cerner systems at least as early as Jan. 22, 2025.

   Due to the complexity of the investigation and the nature of the data involved, Cerner only recently notified us that some of our patients' information was likely impacted. Upon receiving such notice, we promptly began investigating the incident to identify impacted patients.

   For clarity, this incident did not involve access to, nor was it a failure of, Atrium Health's systems.

2. What personal information of mine may have been affected?

   The incident may have impacted information for certain Atrium Health patients in the greater Charlotte area who received care before Aug. 6, 2022, or certain Atrium Health Navicent patients who received care before July 3, 2021. The impacted information for our patients varied by individual, but may have included patient name, address, date of birth, medical record number, providers, diagnoses, medications, test results, images and other information included with patient medical records, including, in certain instances, Social Security numbers.

   To the best of Cerner's knowledge, this incident did not involve access to credit card information or bank account information.

3. What have you done to keep something like this from happening again?

   While our systems were not affected by this breach, we have taken steps to address the situation and prevent future occurrences. We promptly engaged our privacy and cybersecurity teams to investigate the incident and have worked closely with Cerner to determine the scope of the breach and identify potentially impacted patients.

   Furthermore, Cerner indicated it has taken remedial steps designed to prevent this kind of event from happening again, including, but not limited to, enhanced technical protections and increased monitoring.

4. Why does Cerner have my information?

   Cerner, now part of Oracle Health, is a third-party electronic health record (EHR) vendor used by many health care providers nationwide. While we no longer utilize Cerner as a primary EHR provider, certain sites within our system historically used Cerner systems. As part of our transition to other EHR vendors, Cerner has assisted in migrating patient records from legacy Cerner systems and remains responsible for storing and protecting personal and medical information of our patients in carrying out such assistance.

5. What can I do now?

   We encourage all patients to routinely check their accounts and consider using publicly available security services to help protect their identities from fraud. Federal regulatory agencies recommend remaining vigilant for 12 to 24 months following a potential exposure of personal information. The notification letter includes guidance and additional information on general steps people can take to monitor and protect their personal information.