St. Joseph, Missouri-based Mosaic Life Care has confirmed it was affected by a data breach originating at its electronic health record (EHR) vendor, Oracle Health (formerly Cerner). The breach was discovered after Mosaic Life Care was contacted by an unknown third party earlier in 2025, who claimed to possess patient information. Mosaic Life Care verified these claims on April 29, 2025, and by May 2, 2025, determined that the source of the compromised data was Oracle Health.
How the breach occurred
Oracle says the incident took place during Oracle Health’s migration of data from legacy Cerner systems to the new Oracle Health platform. A hacker gained access to two legacy Cerner servers using compromised credentials as early as January 22, 2025. Oracle Health confirmed that the breach was limited to these two servers and did not affect Mosaic Life Care’s own systems.
While Oracle Health has not publicly disclosed the exact number of affected clients, several independent reports confirm that multiple U.S. hospitals and healthcare organizations were compromised.
Data compromised
The stolen data included Social Security numbers, driver’s license numbers, dates of birth, treating physicians, dates of service, medication information, insurance information, and treatment or diagnostic information. Oracle Health provided Mosaic Life Care with a list of affected individuals in June 2025.
Response and patient notification
Mosaic Life Care began notifying affected patients on June 27, 2025. The organization is offering complimentary identity monitoring services to those impacted. Mosaic Life Care emphasized that the breach involved Oracle Health’s systems, not its own internal systems.
Broader context
The breach has led to extortion attempts against affected hospitals, with a threat actor demanding millions in cryptocurrency and publicizing the breach to pressure institutions. Oracle Health has stated it will assist affected hospitals in identifying impacted individuals and provide resources for patient notification and credit monitoring. Lawsuits have been filed against Oracle, alleging negligence in securing legacy Cerner servers after the acquisition.
