Christus Health Data Breach

Christus Health, a leading Catholic not-for-profit healthcare system, recently disclosed a data breach involving sensitive personal and health information of an undetermined number of individuals. The breach was linked to Oracle Health (formerly Cerner Corporation), a third-party provider that manages healthcare technology solutions used by Christus. Affected individuals are being notified and provided with resources to protect their data.

Christus Health’s Data Breach Investigation

In October 2025, Christus Health was informed by Oracle Health that an unauthorized third party had gained access to its legacy Cerner systems. The breach occurred as early as January 22, 2025, and exposed certain data from these systems. Oracle Health began an investigation to understand the nature of the incident and to determine which data was affected.

Through the investigation, it was confirmed that sensitive personal and protected health information belonging to Christus patients may have been compromised during the breach.

The breach did not affect current clinical records or the operation of Christus Health’s ongoing services, but it involved sensitive historical data stored within the legacy Cerner systems. Once the breach was identified, Christus initiated a review to determine which individuals were affected and the specific data involved.

When Did This Breach Occur?

The unauthorized access occurred on or after January 22, 2025. The breach was reported by Oracle Health to Christus Health in October 2025, and Christus began notifying affected individuals shortly thereafter.

What Information Was Breached?

The exposed data includes:

• Name

• Social Security number

• Health records, such as:

  • Laboratory orders

  • Blood bank records

  • Medical record numbers

  • Doctors

  • Diagnoses

  • Medicines

  • Test results

This type of data exposure significantly increases the risk of identity theft, medical fraud, and financial harm, especially since it includes Social Security numbers and medical records.

What You Can Do

If you were impacted by the Christus Health data breach, consider taking the following steps:

• Enroll in the complimentary 24 months of credit monitoring services offered by Christus Health. This service will help monitor your credit and alert you to any suspicious activity.

• Review your health insurance and medical records carefully for any fraudulent claims or errors.

• Monitor your financial accounts for any unusual activity or transactions that may indicate identity theft.

• Consider placing a fraud alert or security freeze on your credit files to prevent unauthorized access.

• Report any suspicious activity to your financial institution, the Federal Trade Commission (FTC), and local law enforcement.

Remaining vigilant over the next 24 months is critical as the risk of fraud or identity theft can persist for a long time after a data breach.

File a Data Breach Lawsuit Against Christus Health

If your personal information was exposed in the Christus Health data breach, you may be eligible to pursue compensation. Data breaches involving sensitive personal information, including Social Security numbers and health records, can result in significant harm, including medical fraud, identity theft, and financial loss.

Class action lawsuits allow affected individuals to band together and seek restitution for the damages caused by the breach. You may be entitled to compensation for time spent protecting your data, out-of-pocket expenses, and emotional distress.

Contact us at Class Action U for a free consultation. We can connect you with an attorney who specializes in class action lawsuits related to data breaches. Fill out our quick, easy, and secure form to explore your legal options. There is no cost to reach out, and no obligation after speaking with someone from our team.