Cerner Corporation Company CyberSecurity Posture

linkedin.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

On December 20, 2021, Oracle and Cerner jointly announced an agreement for Oracle to acquire Cerner through an all-cash tender offer for $95.00 per share, or approximately $28.3 billion in equity value. Learn more at oracle.com/corporate/acquisitions/cerner.

Cerner Corporation A.I CyberSecurity Scoring

Cerner Corporation

Company Details

Linkedin ID:

cerner-corporation

Website:

https://www.linkedin.com/showcase/oraclehealth/

Employees number:

12,253

Number of followers:

393,743

NAICS:

5415

Industry Type:

IT Services and IT Consulting

Homepage:

linkedin.com

IP Addresses:

Scan still pending

Company ID:

CER_1859093

Scan Status:

In-progress

AI scoreCerner Corporation Risk Score (AI oriented)

Between 650 and 699

https://images.rankiteo.com/companyimages/cerner-corporation.jpeg
Cerner Corporation IT Services and IT Consulting
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreCerner Corporation Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/cerner-corporation.jpeg
Cerner Corporation IT Services and IT Consulting
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Cerner Corporation

Weak
Current Score
689
B (Weak)
01000
2 incidents
-53.5 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
689
NOVEMBER 2025
687
OCTOBER 2025
685
SEPTEMBER 2025
737
Breach
01 Sep 2025 • OSF HealthCare, Cerner and OSF Saint Clare Medical Center: Data breach exposes sensitive patient information across multiple OSF facilities
OSF Healthcare Patient Data Breach via Former Vendor Cerner

**Cybersecurity Incident at OSF HealthCare Exposes Patient Data via Former Vendor Cerner** OSF HealthCare disclosed a cybersecurity incident involving its former electronic health record (EHR) vendor, Cerner, which may have exposed sensitive patient information. The breach, detected in September, stemmed from unauthorized access to legacy Cerner systems as early as January 2024. While OSF confirmed the incident did not affect its own systems or hospital operations, it impacted multiple healthcare facilities, though only patients of OSF Saint Clare Medical Center in Princeton were formally notified. Cerner, which no longer provides services to OSF, identified the breach and launched an investigation, securing the compromised systems and engaging external cybersecurity experts. Law enforcement requested a delay in notifying affected parties to avoid interfering with the probe. OSF began notifying patients in November after Cerner completed a data review, providing a list of individuals whose information may have been accessed. Exposed data includes patient names, Social Security numbers, medical record details (such as diagnoses, medications, test results, and treatment information), and physician names. As a precaution, OSF and Cerner are offering two years of complimentary credit monitoring and identity restoration services to affected patients. The incident highlights broader vulnerabilities in third-party healthcare IT systems, with Cerner confirming the breach extended beyond OSF facilities.

682
critical -55
OSFCEROSF1766606283
Incident Details -
Type
Data Breach
Attack Vector
Unauthorized third-party access
Impact
Data Compromised: Patient names, Social Security numbers, medical record numbers, physicians, diagnoses, medications, test results, images, and details related to care and treatment Systems Affected: Legacy Cerner systems Operational Impact: No impact on hospital operations Identity Theft Risk: High (due to exposure of SSNs and medical records)
Response
Incident Response Plan Activated: Yes (by Cerner) Third Party Assistance: External cybersecurity specialists Law Enforcement Notified: Yes Containment Measures: Secured affected systems Communication Strategy: Delayed patient notification at the request of investigators
Data Breach
Personal Identifiable Information (PII) Protected Health Information (PHI) Sensitivity Of Data: High Personally Identifiable Information: Names, Social Security numbers, medical record numbers, diagnoses, medications, test results, images, and treatment details
Regulatory Compliance
HIPAA
Recommendations
Offer complimentary credit monitoring and identity restoration services to affected patients
Investigation Status
Completed (data review finalized in November 2023)
Customer Advisories
Notification letters sent to affected patients
Initial Access Broker
Entry Point: Legacy Cerner systems Reconnaissance Period: As early as January 2023
Post Incident Analysis
Root Causes: Unauthorized third-party access to legacy systems Corrective Actions: OSF no longer uses Cerner’s services
References
Blog URL Source URL
AUGUST 2025
737
JULY 2025
736
JUNE 2025
735
MAY 2025
734
APRIL 2025
733
MARCH 2025
732
FEBRUARY 2025
731
JANUARY 2025
782
Breach
22 Jan 2025 • Cerner Corporation and Aultman Health System: Aultman Health System notifies patients of medical data breach
Aultman Health System Medical Data Breach

**Aultman Health System Reports Third-Party Data Breach Impacting Patient Records** Aultman Health System, based in Canton, Ohio, has begun notifying patients of a data breach involving a third-party IT provider, Cerner Corporation, which may have exposed sensitive personal and medical information. The incident, detected in late February, stemmed from unauthorized access to a Cerner system used for electronic medical records, though Aultman confirmed its own systems remained unaffected. According to a patient notification letter, Cerner’s investigation—conducted with external cybersecurity experts and law enforcement—revealed that the breach occurred as early as January 22. The unauthorized party accessed and copied data, which may have included names, Social Security numbers, medical record details, diagnoses, treatment histories, test results, and physician information. At law enforcement’s request, Cerner and Aultman delayed public notification to avoid interfering with the investigation. As a remedial measure, Cerner is offering affected individuals two years of free credit monitoring and identity protection services through Experian, along with internet surveillance monitoring. Patients seeking further details can contact a dedicated hotline at 833-918-1127, using engagement number B156918.

730
critical -52
CERAUL1766771763
Incident Details -
Type
Data Breach
Attack Vector
Unauthorized third-party access
Impact
Data Compromised: Names, Social Security numbers, medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment Systems Affected: Cerner Corporation system (third-party IT provider) Identity Theft Risk: High
Response
Incident Response Plan Activated: Yes Third Party Assistance: External cybersecurity specialists Law Enforcement Notified: Yes Communication Strategy: Delayed notification to patients as directed by law enforcement; individual notification letters with engagement numbers
Data Breach
Personal Identifiable Information (PII) Protected Health Information (PHI) Sensitivity Of Data: High Data Exfiltration: Yes (copied to an external location) Personally Identifiable Information: Names, Social Security numbers, medical record numbers
Regulatory Compliance
HIPAA
Investigation Status
Ongoing
Customer Advisories
Free identity protection services and credit monitoring through Experian for two years; Internet Surveillance monitoring services
Stakeholder Advisories
Law enforcement directed delayed notification to avoid impeding the probe
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Cerner Corporation is 689, which corresponds to a Weak rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 687.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 685.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 682.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 737.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 736.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 735.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 734.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 733.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 732.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 731.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 782.

Over the past 12 months, the average per-incident point impact on Cerner Corporation’s A.I Rankiteo Cyber Score has been -53.5 points.

You can access Cerner Corporation’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/cerner-corporation.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Cerner Corporation’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/cerner-corporation.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.