
ChristianaCare, a healthcare provider based in Delaware, disclosed that it suffered a major data security breach after threat actors took advantage of a vulnerability in the Oracle Health Electronic Health Records software used to support its daily operations.
In a data security incident notice posted on its website, ChristianaCare said that in April, Oracle Health notified the organisation of a breach in which threat actors gained unauthorised access to legacy Cerner systems on January 22 and stole confidential data belonging to the healthcare provider.
Upon identifying the incident, Oracle Health immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.
“On September 29, 2025, Oracle Health provided ChristianaCare with a list of ChristianaCare patients whose information may have been involved in the incident,” ChristianaCare said.
The compromised data included names, Social Security numbers and information included within patient medical records, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment.
“We regret any concern that Oracle Health’s incident may cause our patients, and we continue to review and assess the cybersecurity protections of our third-party vendors,” ChristianaCare added.
The healthcare provider has advised all affected individuals to regularly monitor their credit reports and their account and benefit statements, and to report any suspicious activity to law enforcement authorities, including the police and the state attorney general.
Oracle Health, formerly known as Cerner, is a US-based multinational healthcare software provider specialising in health information technology platforms and services, including Electronic Health Records (EHR) and business operations systems for hospitals and healthcare organisations.
Earlier this year, Oracle Health experienced a significant data breach involving legacy Cerner data migration servers that had not yet been migrated to Oracle Cloud. The breach was discovered around February 20, 2025, but the unauthorised access began around January 22, 2025. Attackers used compromised customer credentials to access and copy sensitive patient data, potentially including electronic health records, to a remote server.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543