St. Joseph, Mo.-based Mosaic Life Care said it was affected by a data breach that originated at EHR vendor Oracle Health.
The health system started notifying affected patients June 27 that it had been contacted by an unknown party earlier in the year who claimed to have its patient information, which Mosaic determined likely originated from Oracle Health’s data migration environment.
In May, Oracle Health confirmed the data came from its systems, which an unknown party had accessed using compromised credentials as early as January, Mosaic said. In June, Oracle Health provided the health system with a list of affected Mosaic patients. The data spanned driver’s license and Social Security numbers to diagnostic and treatment information.
“It is important to note that the incident involved Oracle Health/Cerner’s system, not Mosaic’s systems,” Mosaic stated. “We remain committed to upholding high standards of custodianship of information held by our third-party vendors, including Oracle Health/Cerner.”
Mosaic joins other health systems that have been ensnared in the Oracle Health breach, including Tallahassee (Fla.) Memorial Healthcare and Terre Haute, Ind.-based Union Health.
