Oracle Health is a third-party service provider of electronic health record (“EHR”) applications. Some hospitals that may utilize Oracle Health EHR include:
- IU Health Methodist Hospital (IN)
- Northside Hospital Atlanta (GA)
- UAB Hospital (AL), Christiana Hospital (DE)
- Penn State Health Milton S Hershey Medical Center (PA)
- Moffitt Cancer Center Magnolia Campus (AKA H Lee Moffitt Cancer Center & Research Institute) (FL)
- Stony Brook University Hospital (NY)
- Los Angeles General Medical Center (FKA LAC & USC Medical Center) (CA)
- Baptist Hospital (FL)
- Westchester Medical Center (NY)
Recently, Oracle Health provided its clients, specifically hospitals and healthcare providers, with notice of a breach that resulted in patients’ personally identifiable information (“PII”) and protected health information (“PHI”) being stolen. Examples of the PII and PHI include individuals’ names, Social Security numbers, driver’s license numbers, government-issued ID number (e.g. passport, state ID card), financial information (e.g. account number, credit or debit card number), medical information, and health insurance information. The Oracle Health breach occurred on or after January 22, 2025 when an unauthorized party accessed a legacy server via stolen credentials and exfiltrated data. To date, Oracle Health has not provided the patients with notice of the breach; rather, Oracle is leaving it up to their clients to issue notification to affected patients. If you or someone you know received services from one of the hospitals listed above or receives a notification letter from a hospital or health organization about a data breach involving a third party service provider and would like additional information about your legal rights, you can contact Goldenberg Schneider, LPA by calling 513-982-1569, sending an email to [email protected] or completing the “Contact Us” form to the right.