Cyberattack on OSF Healthcare Exposes Patient Data Across Northern Illinois
In late December 2025, OSF Saint Clare Medical Center in Princeton disclosed a data breach affecting its medical records system provider, Cerner. The incident, first detected in January 2025, involved unauthorized access to sensitive patient information, including names, Social Security numbers, medical records, diagnoses, medications, and test results. Law enforcement requested a delay in notifying patients until September to avoid interfering with the investigation.
OSF later confirmed that multiple facilities were impacted, though further details remain undisclosed. The breach highlights a growing trend of cyberattacks targeting healthcare systems, driven by their complex IT infrastructure, 24/7 operational demands, and the high stakes of downtime, where even an hour offline can disrupt surgeries, patient portals, and critical test results.
Cybersecurity experts, including Jon Pisani of PSM Partners, note that hospitals’ interconnected systems and urgency to restore services make them prime targets for ransomware and data theft. The rise of AI has further lowered the barrier for attackers, enabling faster data parsing and more efficient exploitation of vulnerabilities. However, AI tools used by employees can also introduce risks if sensitive information is inadvertently exposed on public platforms.
Human error remains a key entry point for cybercriminals, with phishing emails often serving as the initial attack vector. Once inside, hackers may monitor communications, alter emails, or exfiltrate data before demanding ransom. Unlike ransomware, which can be mitigated with backups, data leaks pose long-term risks, as stolen information may be publicly disseminated even after systems are restored.
In response, hospitals are adopting layered security measures, such as zero-trust models, restricted access, and continuous monitoring. Morris Hospital, which experienced a similar breach in 2023, implemented additional safeguards and offered free identity monitoring to affected individuals. Both OSF and Morris provided credit monitoring services and advised patients to monitor financial and medical records for suspicious activity.
While healthcare systems continue to bolster defenses, experts caution that cybersecurity is an evolving challenge. As Pisani noted, new threats emerge as old vulnerabilities are addressed, ensuring that hospitals, with their vast stores of valuable data, will remain persistent targets.
Cerner TPRM report: https://www.rankiteo.com/company/cerner-corporation
OSF Healthcare TPRM report: https://www.rankiteo.com/company/osf-healthcare
OSF Saint Clare Medical Center TPRM report: https://www.rankiteo.com/company/osf-healthcare
"id": "cerosf1771973986",
"linkid": "cerner-corporation, osf-healthcare",
"type": "Cyber Attack",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Patients across multiple OSF '
'facilities',
'industry': 'Healthcare',
'location': 'Princeton, Illinois',
'name': 'OSF Saint Clare Medical Center',
'type': 'Healthcare Provider'},
{'industry': 'Healthcare IT',
'name': 'Cerner',
'type': 'Medical Records System Provider'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': 'Patients advised to monitor financial and medical '
'records for suspicious activity. Free credit '
'monitoring and identity theft protection offered.',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information',
'Medical Records']},
'date_detected': '2025-01',
'date_publicly_disclosed': '2025-12',
'description': 'In late December 2025, OSF Saint Clare Medical Center in '
'Princeton disclosed a data breach affecting its medical '
'records system provider, Cerner. The incident involved '
'unauthorized access to sensitive patient information, '
'including names, Social Security numbers, medical records, '
'diagnoses, medications, and test results. Multiple OSF '
'facilities were impacted, though further details remain '
'undisclosed.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Sensitive patient information, including '
'names, Social Security numbers, medical '
'records, diagnoses, medications, and test '
'results',
'identity_theft_risk': 'High',
'operational_impact': 'Disruption to surgeries, patient portals, '
'and critical test results',
'systems_affected': 'Medical records system (Cerner)'},
'initial_access_broker': {'entry_point': 'Phishing emails (suspected)'},
'investigation_status': 'Ongoing (as of disclosure)',
'lessons_learned': 'Healthcare systems are prime targets due to their complex '
'IT infrastructure, 24/7 operational demands, and high '
'stakes of downtime. Human error, such as phishing emails, '
'remains a key entry point for cybercriminals. Data leaks '
'pose long-term risks even after systems are restored.',
'motivation': 'Data Theft',
'post_incident_analysis': {'corrective_actions': ['Layered security measures',
'Enhanced monitoring',
'Employee training'],
'root_causes': ['Complex IT infrastructure',
'Human error (phishing)',
'High-value data']},
'ransomware': {'data_exfiltration': 'Yes'},
'recommendations': ['Adopt layered security measures (e.g., zero-trust '
'models, restricted access, continuous monitoring)',
'Provide credit monitoring and identity theft protection '
'for affected individuals',
'Educate employees on phishing and AI-related risks'],
'references': [{'source': 'OSF Saint Clare Medical Center Disclosure'},
{'source': 'Cybersecurity Expert Jon Pisani (PSM Partners)'}],
'response': {'communication_strategy': 'Delayed notification at law '
"enforcement's request",
'law_enforcement_notified': 'Yes'},
'title': 'Cyberattack on OSF Healthcare Exposes Patient Data Across Northern '
'Illinois',
'type': 'Data Breach'}