Charlotte patients of Atrium Health were hit by data breach. Notifications begin.
Atrium Health has begun notifying patients in the Charlotte region about a data breach from last year that might affect them.
Charlotte-based Atrium, North Carolina’s largest health provider is notifying people affected by a “security incident” in February 2025, according to a letter dated April 30, 2026, and shared with The Charlotte Observer on Thursday.
Cerner Health, a third-party electronic medical record vendor, notified Atrium in December that patients’ personal or health information may have been accessed by an unauthorized party, Atrium said. Cerner was acquired by Oracle Health in 2022 and now operates as a business unit within the company, headquartered in Kansas City, Missouri.
“This incident in no way involved Atrium Health’s systems,” Atrium said in the letter.
Atrium said it no longer uses Cerner but was storing records and helping to move patient records. “Unfortunately, Cerner informed us that the incident impacted certain information in the greater Charlotte area,” the letter stated.
Atrium officials did not respond to requests for comment Thursday on the latest data breach. And the letter did not indicate the total number of patients that might be impacted.
The notice to patients comes as Atrium plans to invest $2 billion in a proposed merger with WakeMed in the Raleigh region. If approved, the deal would reshape North Carolina’s healthcare landscape and create the state’s largest nonprofit mental health network.
But the deal quickly received pushback from state and local officials after it was announced last Friday, May 1. Wake County commissioners postponed a vote that was scheduled just three days later on Monday, May 4.
Atrium Health’s data breach findings
Cerner discovered the incident in February 2025, and contacted Atrium at the end of last year.
Following an investigation, Cerner determined an unauthorized actor gained access to some of its systems as early as Jan. 22, 2025, Atrium said.
“Due to the complexity of the investigation and the nature of the data involved, Cerner only recently notified us that some of our patients’ information was likely impacted,” Atrium said. The hospital system followed with its own investigation, which ended March 12.
Information collected before Aug. 6, 2022, for Atrium Health patients in the greater Charlotte area or before July 3, 2021, may have been compromised. Information that may have been exposed includes patient name, address, date of birth, medical record number, providers, diagnoses, medications, test results, images and other medical record information.
Cerner is not aware of identity theft or fraud related to Atrium Health patient data.
“To the best of Cerner’s knowledge, this incident did not involve access to your Social Security number or access to credit card information or bank account information,” Atrium stated in its letter.
What Atrium Health patients can do
Cerner, on Atrium’s behalf, is offering two years of complimentary enrollment in credit monitoring and access to identity restoration through Experian Identity Works.
“While our systems were not affected in this breach, we have taken steps to address the situation and prevent future occurrences,” Atrium said. “We have and will continue to enhance our security and vendor controls to minimize the risk of similar situations in the future.”
Atrium Health has experienced data security incidents in the past, including over 585,000 patients affected by a breach involving third-party tracking tools on their patient portal and a phishing attack on employee emails, both in 2024. A vendor breach with AccuDoc Solutions Inc. impacted 2.6 million patients in 2018.
Atrium is part of Advocate Health, the third-largest nonprofit health system in the U.S.
It serves 6 million patients across 69 hospitals and more than 1,000 care locations. The system recently partnered with Wake Forest University to launch the city’s first four-year medical school, a centerpiece of The Pearl district in Charlotte.
