**Cybersecurity Incident at OSF HealthCare Exposes Patient Data via Former Vendor Cerner**
OSF HealthCare disclosed a cybersecurity incident involving its former electronic health record (EHR) vendor, Cerner, which may have exposed sensitive patient information. The breach, detected in September, stemmed from unauthorized access to legacy Cerner systems as early as January 2024. While OSF confirmed the incident did not affect its own systems or hospital operations, it impacted multiple healthcare facilities, though only patients of OSF Saint Clare Medical Center in Princeton were formally notified.
Cerner, which no longer provides services to OSF, identified the breach and launched an investigation, securing the compromised systems and engaging external cybersecurity experts. Law enforcement requested a delay in notifying affected parties to avoid interfering with the probe. OSF began notifying patients in November after Cerner completed a data review, providing a list of individuals whose information may have been accessed.
Exposed data includes patient names, Social Security numbers, medical record details (such as diagnoses, medications, test results, and treatment information), and physician names. As a precaution, OSF and Cerner are offering two years of complimentary credit monitoring and identity restoration services to affected patients. The incident highlights broader vulnerabilities in third-party healthcare IT systems, with Cerner confirming the breach extended beyond OSF facilities.
OSF HealthCare TPRM report: https://www.rankiteo.com/company/osf-healthcare
Cerner TPRM report: https://www.rankiteo.com/company/cerner-corporation
OSF Saint Clare Medical Center TPRM report: https://www.rankiteo.com/company/osf-healthcare
"id": "osfcerosf1766606283",
"linkid": "osf-healthcare, cerner-corporation, osf-healthcare",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients of OSF Saint Clare '
'Medical Center and other OSF '
'facilities',
'industry': 'Healthcare',
'location': 'Princeton',
'name': 'OSF Saint Clare Medical Center',
'type': 'Hospital'},
{'customers_affected': 'Multiple healthcare facilities',
'industry': 'Healthcare IT',
'name': 'Cerner',
'type': 'Electronic Health Record Vendor'}],
'attack_vector': 'Unauthorized third-party access',
'customer_advisories': 'Notification letters sent to affected patients',
'data_breach': {'personally_identifiable_information': 'Names, Social '
'Security numbers, '
'medical record '
'numbers, diagnoses, '
'medications, test '
'results, images, and '
'treatment details',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2023-09',
'date_resolved': '2023-11',
'description': "OSF confirmed that patients' personal and medical information "
'may have been exposed in a breach involving its former '
'electronic health record software vendor, Cerner. An '
'unauthorized third party gained access to legacy Cerner '
'systems, potentially compromising patient data from multiple '
'OSF facilities.',
'impact': {'data_compromised': 'Patient names, Social Security numbers, '
'medical record numbers, physicians, '
'diagnoses, medications, test results, images, '
'and details related to care and treatment',
'identity_theft_risk': 'High (due to exposure of SSNs and medical '
'records)',
'operational_impact': 'No impact on hospital operations',
'systems_affected': 'Legacy Cerner systems'},
'initial_access_broker': {'entry_point': 'Legacy Cerner systems',
'reconnaissance_period': 'As early as January 2023'},
'investigation_status': 'Completed (data review finalized in November 2023)',
'post_incident_analysis': {'corrective_actions': 'OSF no longer uses Cerner’s '
'services',
'root_causes': 'Unauthorized third-party access to '
'legacy systems'},
'recommendations': 'Offer complimentary credit monitoring and identity '
'restoration services to affected patients',
'references': [{'source': 'Shaw Local News Network'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA']},
'response': {'communication_strategy': 'Delayed patient notification at the '
'request of investigators',
'containment_measures': 'Secured affected systems',
'incident_response_plan_activated': 'Yes (by Cerner)',
'law_enforcement_notified': 'Yes',
'third_party_assistance': 'External cybersecurity specialists'},
'title': 'OSF Healthcare Patient Data Breach via Former Vendor Cerner',
'type': 'Data Breach'}