Ascension takes the privacy and security of our patient’s information very seriously. Ascension was recently one of a number of healthcare organizations whose data was involved in a security incident that occurred at Cerner (now Oracle Health). Importantly, Ascension’s systems were not impacted by this incident and there was no disruption to Ascension’s clinical operations. 

Cerner is a third-party electronic health records (EHR) vendor used by many healthcare providers, including Ascension. In March, Cerner informed us that an unauthorized third party gained access to legacy Cerner systems as early as January 22, 2025, and obtained certain information. Upon learning of the incident, Cerner began an investigation, engaged external cybersecurity specialists, and engaged with federal law enforcement, who requested the delay of patient notifications while they conducted their investigation. In November 2025, Cerner provided Ascension with information on impacted individuals, and Ascension worked with Cerner to notify those individuals by mail in December 2025.

The impacted information may have included names, Social Security numbers, and information included within patient medical records, such as medical record numbers, provider names, diagnoses, medications, test results, imaging, and other care and treatment information. 

Impacted individuals are encouraged to review statements they receive from their health care providers and health insurers and immediately report any inaccuracies. Cerner is offering complimentary identity protection services and credit monitoring for two years to individuals. Additional information on steps to protect yourself is available in the below Reference Guide.

If you have further questions or concerns please contact the dedicated call center, toll-free at 833-918-5494 Monday through Friday from 8 am – 8 pm Central (excluding major U.S. holidays). Callers will be asked for an engagement number, which is  B157141.

REFERENCE GUIDE

Review Your Account Statements

Carefully review statements sent to you from your healthcare providers, insurance company, and financial institutions to ensure that all of your account activity is valid. Report any questionable charges promptly to the provider or company with which you maintain the account.

Order Your Free Credit Report

You may also periodically obtain credit reports from the nationwide credit reporting agencies. If you discover information on your credit report arising from a fraudulent transaction, you should request that the credit reporting agency delete that information from your credit report file. In addition, under federal law, you are entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting agencies. You may obtain a free copy of your credit report by going to www.AnnualCreditReport.com or by calling (877) 322-8228. You may contact the nationwide credit reporting agencies at: 

Equifax	Experian	TransUnion
(800) 685-1111	(888) 397-3742	(833) 799-5355
P.O. Box 740241	P.O. Box 9701	P.O. Box 2000
Atlanta, GA 30374-0241	Allen, TX 75013-9701	Chester, PA 19016-2000
www.Equifax.com	www.Experian.com	www.TransUnion.com

You also have other rights under the Fair Credit Reporting Act (“FCRA”). These include, among others, the right to know what is in your file; to dispute incomplete or inaccurate information; and to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information. For information about your rights under the FCRA, please visit: https://files.consumerfinance.gov/f/201504_cfpb_summary_your- rights-under-fcra.pdf. 

Contact the U.S. Federal Trade Commission

You may contact the Federal Trade Commission (“FTC”), law enforcement, or your state Attorney General to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. To learn more, you can go to the FTC’s website at www.ftc.gov/idtheft, or call the FTC at (877) IDTHEFT (438-4338) or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580. 

Fraud Alerts and Security Freezes

You may obtain additional information from the FTC and the credit reporting agencies about fraud alerts and security freezes. You can add a fraud alert to your credit report file to help protect your credit information at no cost to you. A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to verify your identity. You may place a fraud alert in your file by calling any of the nationwide credit reporting agencies listed above. As soon as that agency processes your fraud alert, it will notify the other two agencies, which then must also place fraud alerts in your file.

You can also contact the nationwide credit reporting agencies at the numbers listed above to place a security freeze to restrict access to your credit report free of charge. You must separately place a credit freeze on your credit file at each credit reporting agency. You will need to provide the credit reporting agency with certain information, such as your name, address, date of birth and Social Security number. After receiving your request, the credit reporting agency will send you a confirmation containing a unique PIN or password that you will need in order to remove or temporarily lift the freeze. You should keep the PIN or password in a safe place. If you request a lift of the credit freeze online or by phone, the credit reporting agency must lift the freeze within one (1) hour. If you request a credit freeze or lift of a credit freeze by mail, the credit reporting agency must place or lift the credit freeze no later than three (3) business days after getting your request. 

State Specific Information

For residents of the District of Columbia, Iowa, Maryland, New York, North Carolina, Oregon and Rhode Island

You may contact your Attorney General for additional information about avoiding identity theft. If you are a Rhode Island resident, you may also file a police report by contacting local or state law enforcement agencies.

You may use the following information to contact your attorney general:

District of Columbia Office of the Attorney General Office of Consumer Protection 400 6th Street, NW Washington, DC 20001 (202) 442-9828 www.oag.dc.gov
	Iowa Office of the Iowa Attorney General Hoover State Office Building 1305 E. Walnut Street Des Moines, IA 50319 (515) 281-5926 / (888) 777-4590 www.iowaattorneygeneral.gov	Maryland Maryland Office of the Attorney General Consumer Protection Division 200 St. Paul Place Baltimore, MD 21202 (410) 528-8662 www.marylandattorneygeneral.gov	Oregon Oregon Department of Justice 1162 Court Street NE Salem, OR 97301-4096 (877) 877-9392 www.doj.state.or.us
New York New York Attorney General Consumer Frauds & Protection Bureau 120 Broadway, 3rd Floor New York, NY 10271 (800) 771-7755 www.ag.ny.gov	New York New York Department of State Division of Consumer Protection 99 Washington Avenue Suite 650 Albany, New York 12231 (800) 697-1220 www.dos.ny.gov	North Carolina North Carolina Department of Justice 9001 Mail Service Center Raleigh, NC 27699-9001 (919) 716-6000 www.ncdoj.gov	Rhode Island Rhode Island Office of the Attorney General Consumer Protection Division 150 South Main Street Providence, RI 02903 (401) 274-4400 www.riag.ri.gov

For residents of Massachusetts: Under Massachusetts law, you have the right to obtain any police report filed in connection to the incident. If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.

For residents of New Mexico: You have rights under the federal Fair Credit Reporting Act (FCRA). These include, among others, the right to know what is in your file; to dispute incomplete or inaccurate information; and to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information. For more information about the FCRA, please visit https://files.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf or www.ftc.gov.

Purchaser Project Bluegrass Holdco, LLC located at 4600 Edmundson Road, St. Louis, MO 63134, is filing a Certificate of Need Application pursuant to Section 19a-638 of the Connecticut General Statutes in connection with an indirect change of ownership occurring several ownership levels above the involved surgery centers as a result of the intended acquisition of AmSurg by Project Bluegrass Holdco, LLC, a wholly owned subsidiary of Ascension Health Alliance. This transaction includes a total of five surgery centers in Connecticut. The capital expenditures associated with the project are $113,218,000.  The names and locations of the CT surgery centers involved are as follows: Wilton Surgery Center at 195 Danbury Road, Wilton, CT 06897; The Eye Surgery Center at 4 Northwestern Drive, Suite 400, Bloomfield, CT 06002; Diagnostic Endoscopy Center at 778 Long Ridge Road, Stamford, CT 06902;  Eastern Connecticut Endoscopy Center at 79 Wawecus Street, Suite 107, Norwich, CT 06360; and Connecticut Eye Surgery Center South at 60 Wellington Road, Milford, CT 06461.