Aultman Health System Reports Data Breach Impacting Patient Information Including Social Security Numbers
Post Summary
Ohio-based nonprofit Aultman Health System has disclosed a significant data breach involving its third-party electronic health record (EHR) vendor, Cerner. According to the Substitute Notice Letter for Consumers, an unauthorized third party gained access to sensitive information stored in legacy Cerner systems, exposing the personal and health data of patients.
Breach Timeline and Scope
The breach was first detected as having occurred on January 22, 2025. However, notification to impacted hospitals and patients was delayed at the direction of law enforcement to avoid interfering with an ongoing investigation. This incident affects patients whose records were stored on the legacy systems used by Aultman Hospital, Aultman Alliance Community Hospital, and Aultman Orrville Hospital.
The data exposed in the breach includes both personally identifiable information (PII) and protected health information (PHI). Specific details include names, Social Security numbers, medical record numbers, treating physicians, diagnoses, medications, test results, medical images, and information about care and treatment.
sbb-itb-535baee
Response Measures and Recommendations
To assist those affected, Cerner is offering two years of complimentary credit monitoring and identity protection services through Experian. Impacted individuals have been notified directly by letter, which provides further instructions and an engagement number for support. For those who believe they may have been impacted but have not received a letter, Cerner has provided a dedicated helpline at 833-918-1127 with engagement number B156918.
Given the potential risks associated with the exposed information, affected individuals are strongly encouraged to take proactive measures, such as:
- Reviewing statements from health care providers, insurance companies, and financial institutions for unusual or unauthorized activity.
- Obtaining free annual credit reports from the three major credit bureaus.
- Considering placing a fraud alert or a security freeze on their credit files.
- Contacting the Federal Trade Commission or their state attorney general for additional guidance on protecting against identity theft.
Additional information, including contact details for credit bureaus and consumer protection agencies, is available in the official notice to consumers provided by Aultman Health System.
Looking Ahead
The breach highlights the critical importance of data security within the health care industry, particularly when dealing with sensitive personal and medical information. As investigations continue, affected individuals are encouraged to remain vigilant and utilize the resources provided to safeguard their information. Aultman Health System and Cerner are working to address the issue and support those impacted by the incident.
