• Home
  • cyber
  • Oracle Health, Christus Health and Southwest Care Center: Christus Health, Southwest Care Center warn patients of possible data security incidents
cyber Breach

Oracle Health, Christus Health and Southwest Care Center: Christus Health, Southwest Care Center warn patients of possible data security incidents

Jan 1, 2025 2 min read
Oracle Health, Christus Health and Southwest Care Center: Christus Health, Southwest Care Center warn patients of possible data security incidents

Christus Health and Southwest Care Center Alert New Mexico Patients to Separate Data Security Incidents

In January 2025, an unauthorized user accessed sensitive patient data through a breach at Oracle Health (formerly Cerner Corp.), a laboratory information software vendor used by Christus Health. The exposed information spanning records predating February 2025 includes names, Social Security numbers, lab orders, blood bank records, diagnoses, medications, and test results. While Christus Health’s systems remained unaffected, the organization is collaborating with Oracle to identify and notify impacted individuals.

Separately, Southwest Care Center, which operates clinics in Santa Fe and Albuquerque, disclosed a June 2025 cybersecurity incident where an unauthorized party may have acquired patient data. The center has since strengthened its technical safeguards but has not found evidence of data misuse. However, affected patients have filed a class-action lawsuit in Santa Fe’s First Judicial District Court, alleging negligence in protecting their information and increased risks of identity theft.

Both incidents reflect the growing threat of third-party vendor breaches in healthcare, a trend highlighted by the FBI’s 2024 cybercrime reports. Christus Health and Southwest Care Center are working with regulators to address the fallout, though litigation remains pending. The breaches underscore vulnerabilities in interconnected healthcare systems and the challenges providers face in securing patient data.

Source: https://www.santafenewmexican.com/news/local_news/christus-health-southwest-care-center-warn-patients-of-possible-data-security-incidents/article_6bb79b0d-45c4-4ecb-841a-f9cb7625773b.html

Oracle Health TPRM report: https://www.rankiteo.com/company/oracle-health-llc

Christus Health TPRM report: https://www.rankiteo.com/company/christus-health

Southwest Care Center TPRM report: https://www.rankiteo.com/company/southwest-care-center

"id": "souorachr1771993857",
"linkid": "southwest-care-center, oracle-health-llc, christus-health",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Patients with records predating '
                                              'February 2025',
                        'industry': 'Healthcare',
                        'name': 'Christus Health',
                        'type': 'Healthcare Provider'},
                       {'customers_affected': 'Patients affected by the June '
                                              '2025 incident',
                        'industry': 'Healthcare',
                        'location': 'Santa Fe and Albuquerque, New Mexico',
                        'name': 'Southwest Care Center',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Healthcare IT',
                        'name': 'Oracle Health (formerly Cerner Corp.)',
                        'type': 'Third-party Vendor'}],
 'attack_vector': 'Third-party vendor breach',
 'customer_advisories': 'Notifying impacted individuals',
 'data_breach': {'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'numbers',
                                                         'Lab orders',
                                                         'Blood bank records',
                                                         'Diagnoses',
                                                         'Medications',
                                                         'Test results'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information',
                                              'Medical Records']},
 'date_detected': ['2025-01', '2025-06'],
 'date_publicly_disclosed': ['2025-01', '2025-06'],
 'description': 'In January 2025, an unauthorized user accessed sensitive '
                'patient data through a breach at Oracle Health (formerly '
                'Cerner Corp.), a laboratory information software vendor used '
                'by Christus Health. Separately, Southwest Care Center '
                'disclosed a June 2025 cybersecurity incident where an '
                'unauthorized party may have acquired patient data.',
 'impact': {'brand_reputation_impact': 'Increased risks of identity theft; '
                                       'class-action lawsuit alleging '
                                       'negligence',
            'data_compromised': 'Sensitive patient data including names, '
                                'Social Security numbers, lab orders, blood '
                                'bank records, diagnoses, medications, and '
                                'test results',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Class-action lawsuit filed in Santa Fe’s '
                                 'First Judicial District Court',
            'operational_impact': 'Collaboration with Oracle to identify and '
                                  'notify impacted individuals; strengthened '
                                  'technical safeguards',
            'systems_affected': ['Oracle Health (formerly Cerner Corp.)']},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Growing threat of third-party vendor breaches in '
                    'healthcare; vulnerabilities in interconnected healthcare '
                    'systems',
 'post_incident_analysis': {'corrective_actions': 'Strengthened technical '
                                                  'safeguards; collaboration '
                                                  'with regulators',
                            'root_causes': 'Third-party vendor breach; '
                                           'inadequate technical safeguards'},
 'references': [{'source': 'FBI’s 2024 cybercrime reports'}],
 'regulatory_compliance': {'legal_actions': 'Class-action lawsuit',
                           'regulatory_notifications': 'Working with '
                                                       'regulators'},
 'response': {'communication_strategy': 'Notifying impacted individuals',
              'containment_measures': 'Strengthened technical safeguards',
              'third_party_assistance': 'Collaboration with Oracle Health'},
 'threat_actor': 'Unauthorized user',
 'title': 'Christus Health and Southwest Care Center Data Security Incidents',
 'type': ['Data Breach', 'Cybersecurity Incident']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.