DELAWARE- ChristianaCare says some of its patient data was taken in a nationwide cybersecurity attack targeting Oracle Health, formerly Cerner Corporation. The organization confirms its own networks were not affected and its clinical operations continued without disruption.
Oracle Health notified ChristianaCare in April that an unauthorized third party accessed legacy Cerner systems as early as Jan. 22, 2025, and accessed certain data, according to a statement from the health system. ChristianaCare said Oracle Health launched an investigation, brought in external cybersecurity specialists and worked with federal law enforcement, which asked that patient notifications be delayed during its inquiry.
ChristianaCare received the list of affected patients from Oracle Health on Sept. 29, 2025. According to officials, the compromised information may include names, Social Security numbers, and details found in medical records, such as record numbers, doctors, diagnoses, medications, test results, images, and care or treatment information.
The health organization says letters are being sent out to affected patients, offering a complimentary two-year membership to credit monitoring and minor identity protection services.
ChristianaCare is urging people to review statements from their health care providers and insurers and to report any inaccuracies.
ChristianaCare said it “regret[s] any concern that Oracle Health’s incident may cause our patients,” and added that it is continuing to evaluate cybersecurity protections across its third-party vendors.