Newark, Del.-based ChristianaCare is the latest health system to confirm it was affected by a cybersecurity incident involving its EHR vendor, Oracle Health, formerly known as Cerner.
In a post on its website, the system said an unauthorized third party accessed legacy Cerner systems as early as Jan. 22. Patient information varied by individual and could include names, Social Security numbers, diagnoses, medications, test results and treatment details. ChristianaCare said its internal systems and clinical operations were not affected.
The Oracle Health breach, first disclosed earlier in 2025, has affected multiple health systems, including Terre Haute, Ind.-based Union Health, St. Joseph, Mo.-based Mosaic Life Care, Baltimore-based LifeBridge Health, Tallahassee (Fla.) Memorial Healthcare, North Kansas City (Mo.) Hospital and Glens Falls (N.Y.) Hospital. Union Health reported more than 260,000 affected individuals; Mosaic reported more than 145,000.
Oracle Health has said it delayed notifications at the request of federal law enforcement. Affected hospitals are now notifying patients and offering credit monitoring where applicable.
