Strauss Borrelli PLLC, a leading data breach law firm, is investigating Christus Health (“Christus”) regarding its recent data breach. The Christus data breach involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT CHRISTUS HEALTH:
Christus is a Catholic not-for-profit health care system based in Texas. Today, Christus provides a range of health care services to patients and families, including primary care, urgent care, pediatric care, oncology, heart and vascular treatment, orthopedics, women’s health, sports medicine, virtual care, and more.2,3 Headquartered in Irving, Texas, Christus employs over 50,000 individuals and manages a network of more than 600 centers, including long-term care facilities, community hospitals, walk-in clinics, and health ministries.3
WHAT HAPPENED?
Recently, Christus announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice shared on its website, in October 2025, Oracle Health (formerly Cerner Corporation), a third-party provider of health information technology solutions used at previously used at Christus, informed Christus that an unauthorized third party gained access to legacy Cerner systems as early as January 22, 2025 and obtained certain data.1 As a result, Oracle Health launched an investigation to determine the nature of the incident.
Through its investigation, Oracle confirmed to Christus that sensitive personal information in Oracle systems related to Christus patients may have been accessed by an unauthorized third party during the breach. As a result, Christus began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Health records (laboratory orders, blood bank records, medical record numbers, doctors, diagnoses, medicines, test results)
As a result of the breach, Christus posted notice of the breach on its website. Based on the website breach, Christus is providing affected individuals with a list of the specific types of sensitive information impacted and 24 months of complimentary credit monitoring services. A link to the website breach notice is below.
If you believe you have been affected by the Christus Health breach:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
