Excerpt from HIPAA Journal Article, Published on January 22, 2026
Jupiter Medical Center has started notifying patients about a data breach connected to a former electronic health records vendor. Although the incident occurred in January 2025, patients only recently received notifications. This delay happened because law enforcement agencies requested more time to continue their investigation without disruption.
Importantly, the breach did not affect the hospital’s current systems. Instead, it involved legacy medical records associated with Columbia Medical Practice, which previously operated in connection with the hospital. As a result, some historical patient data became exposed through a third – party system. According to HIPAA Journal, the compromised systems belonged to Cerner, now operating as Oracle Health. The vendor stored archived electronic health records for Columbia Medical Practice and other healthcare organizations. An unauthorized individual gained access to those systems on or around January 22, 2025.
During the incident, sensitive data may have been exposed. Specifically, the information includes patient names, medical record numbers, Social Security numbers, and clinical details. Because this data qualifies as protected health information, the breach triggered notification obligations under HIPAA regulations. Following the discovery, officials confirmed that the breach affected a limited number of patients. Nevertheless, the organization took immediate action to reduce potential harm. For example, affected individuals received written notifications along with offers for two years of complimentary credit monitoring services.
Meanwhile, Jupiter Medical Center emphasized that safeguarding patient privacy remains a top priority. In addition, it continues to work with cybersecurity professionals and law enforcement authorities. Through these efforts, the organization aims to understand the full scope of the incident and strengthen future protections. Notably, this incident highlights the ongoing risks associated with third – party vendors in healthcare. Today, many providers rely on external partners to manage sensitive data. However, weaknesses in vendor security can still lead to serious exposure.
Therefore, healthcare organizations must improve vendor oversight and security governance. Overall, the breach serves as a reminder that strong vendor management remains essential. Ultimately, proactive security controls and transparency help maintain patient trust and regulatory compliance across the healthcare sector.
To delve deeper into this topic, Visit HIPAA Journal.
