Providence is providing notice of a data privacy incident impacting Cerner, a third-party vendor that provides electronic health record (EHR) services to Providence. The vendor determined through an investigation that, at least as early as Jan. 22, 2025, an unauthorized third party gained access to personal health information on legacy Cerner systems. This privacy event resulted in the exposure of some patients’ names, Social Security numbers, and information included within patient medical records, such as demographic information, medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment from Cerner’s files. Upon learning of the incident, Cerner initiated its critical response process to secure the impacted systems, began an investigation, engaged external cybersecurity experts and contacted law enforcement.
All impacted patients have been notified by Cerner and have been offered two years of no-cost credit monitoring and identity protection services. Patients who were affected or believe they were affected are advised to contact Cerner at 833-918-6624 and reference Engagement Number B157205.
