**Aultman Health System Reports Third-Party Data Breach Impacting Patient Records**
Aultman Health System, based in Canton, Ohio, has begun notifying patients of a data breach involving a third-party IT provider, Cerner Corporation, which may have exposed sensitive personal and medical information. The incident, detected in late February, stemmed from unauthorized access to a Cerner system used for electronic medical records, though Aultman confirmed its own systems remained unaffected.
According to a patient notification letter, Cerner’s investigation—conducted with external cybersecurity experts and law enforcement—revealed that the breach occurred as early as January 22. The unauthorized party accessed and copied data, which may have included names, Social Security numbers, medical record details, diagnoses, treatment histories, test results, and physician information.
At law enforcement’s request, Cerner and Aultman delayed public notification to avoid interfering with the investigation. As a remedial measure, Cerner is offering affected individuals two years of free credit monitoring and identity protection services through Experian, along with internet surveillance monitoring. Patients seeking further details can contact a dedicated hotline at 833-918-1127, using engagement number B156918.
Cerner Corporation cybersecurity rating report: https://www.rankiteo.com/company/cerner-corporation
Aultman Health Foundation cybersecurity rating report: https://www.rankiteo.com/company/aultman-health
"id": "CERAUL1766771763",
"linkid": "cerner-corporation, aultman-health",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients of Aultman Health '
'System',
'industry': 'Healthcare',
'location': 'Canton, Ohio, USA',
'name': 'Aultman Health System',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized third-party access',
'customer_advisories': 'Free identity protection services and credit '
'monitoring through Experian for two years; Internet '
'Surveillance monitoring services',
'data_breach': {'data_exfiltration': 'Yes (copied to an external location)',
'personally_identifiable_information': 'Names, Social '
'Security numbers, '
'medical record '
'numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2024-02-29',
'description': 'Aultman Health System notifies patients of a third-party data '
'breach that may have compromised personal information such as '
'names, Social Security numbers, and certain medical records. '
'The breach occurred at Cerner Corporation, an IT provider for '
'electronic medical record services.',
'impact': {'data_compromised': 'Names, Social Security numbers, medical '
'record numbers, doctors, diagnoses, '
'medicines, test results, images, care and '
'treatment',
'identity_theft_risk': 'High',
'systems_affected': 'Cerner Corporation system (third-party IT '
'provider)'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Aultman Health System Notification Letter'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA']},
'response': {'communication_strategy': 'Delayed notification to patients as '
'directed by law enforcement; '
'individual notification letters with '
'engagement numbers',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes',
'third_party_assistance': 'External cybersecurity specialists'},
'stakeholder_advisories': 'Law enforcement directed delayed notification to '
'avoid impeding the probe',
'threat_actor': 'Unauthorized third party',
'title': 'Aultman Health System Medical Data Breach',
'type': 'Data Breach'}