Several thousand Atrium patients in Charlotte area were hit by data breach
Editor’s note: This story was updated on May 8, 2026, with information from the N.C. Attorney General’s office.
Atrium Health has begun notifying several thousand patients in the Charlotte region about a data breach from last year that might affect them.
Charlotte-based Atrium, North Carolina’s largest health provider is notifying people affected by a “security incident” in February 2025, according to a letter dated April 30, 2026, and shared with The Charlotte Observer on Thursday.
Cerner Health, a third-party electronic medical record vendor, notified Atrium in December that patients’ personal or health information may have been accessed by an unauthorized party, Atrium said. Cerner was acquired by Oracle Health in 2022 and now operates as a business unit within the company, headquartered in Kansas City, Missouri.
Atrium said it no longer uses Cerner but was storing records and helping to move patient records. “Unfortunately, Cerner informed us that the incident impacted certain information in the greater Charlotte area,” the letter stated.
”This situation did not involve access to, nor was it a failure of, our systems,” Atrium said in a statement Friday to The Charlotte Observer. “Protecting patient privacy remains a top priority, and we are notifying potentially impacted patients.”
The letter did not indicate the number of patients who might be impacted, and Atrium did not address that question in its response to the Observer.
But Cerner estimated that 4,035 people in North Carolina were affected by hackers unauthorized access to its systems, according to a data breach notice sent July 25, 2025, from Cerner to N.C. Attorney General Jeff Jackson’s office. Overall, nearly 2 million people were affected on Cerner’s systems. Cerner is a vendor used by many health care providers across the country.
Law enforcement investigators directed Cerner to delay notifying potentially impacted customers and individuals in North Carolina for a specific period of time because it could have impeded the investigation, Cerner said in the notice.
The notice to patients comes as Atrium plans to invest $2 billion in a proposed merger with WakeMed in the Raleigh region. If approved, the deal would reshape North Carolina’s healthcare landscape and create the state’s largest nonprofit mental health network.
But the deal quickly received pushback from state and local officials after it was announced last Friday, May 1. Wake County commissioners postponed a vote that was scheduled just three days later on Monday, May 4.
Atrium Health’s data breach findings
Cerner discovered the incident in February 2025, and contacted Atrium at the end of last year.
Following an investigation, Cerner determined an unauthorized actor gained access to some of its systems as early as Jan. 22, 2025, Atrium said.
“Due to the complexity of the investigation and the nature of the data involved, Cerner only recently notified us that some of our patients’ information was likely impacted,” Atrium said. The hospital system followed with its own investigation, which ended March 12.
Information collected before Aug. 6, 2022, for Atrium Health patients in the greater Charlotte area may have been compromised. Information that may have been exposed includes patient name, address, date of birth, medical record number, providers, diagnoses, medications, test results, images and other medical record information.
And in some instances, Social Security numbers also may have been exposed, according to Cerner’s notice to the state.
Atrium, in the letter shared Thursday with the Observer said, “To the best of Cerner’s knowledge, this incident did not involve access to your Social Security number or access to credit card information or bank account information.”
In another letter shared Friday with the Observer, Atrium told that patient that their Social Security number may have been impacted.
Cerner is not aware of identity theft or fraud related to Atrium Health patient data.
What Atrium Health patients can do
Cerner, on Atrium’s behalf, is offering two years of complimentary enrollment in credit monitoring and access to identity restoration through Experian Identity Works.
“While our systems were not affected in this breach, we have taken steps to address the situation and prevent future occurrences,” Atrium said. “We have and will continue to enhance our security and vendor controls to minimize the risk of similar situations in the future.”
Atrium Health has experienced data security incidents in the past, including over 585,000 patients affected by a breach involving third-party tracking tools on their patient portal and a phishing attack on employee emails, both in 2024. A vendor breach with AccuDoc Solutions Inc. impacted 2.6 million patients in 2018.
Atrium is part of Advocate Health, the third-largest nonprofit health system in the U.S.
It serves 6 million patients across 69 hospitals and more than 1,000 care locations. The system recently partnered with Wake Forest University to launch the city’s first four-year medical school, a centerpiece of The Pearl district in Charlotte.
This story was originally published May 8, 2026 at 5:03 AM.
