Engineers at multinational computer technology company Oracle accidentally triggered a five-day outage of the company’s electronic health record (EHR) system, Oracle Health, forcing several Community Health Systems (CHS) hospitals to return to paper-based patient records.
What happened
The outage began on April 23, 2025, when Oracle engineers performing maintenance mistakenly deleted critical storage linked to a key database, according to a CHS spokesperson. The disruption impacted Oracle Health, the company’s EHR platform, and affected multiple CHS hospitals. CHS was forced to initiate downtime procedures to maintain operations.
While CHS did not specify the number of facilities affected, Becker’s Hospital Review reported that 45 hospitals experienced disruptions. The issue was resolved by April 28, and CHS confirmed it was not caused by a cyberattack or security breach.
Despite the scale of the outage, the health system said there was no material impact on care delivery, crediting the professionalism of their clinical and support staff for maintaining patient services during the incident.
Going deeper
Oracle entered the EHR market in 2022 following its $28.3 billion acquisition of Cerner, becoming the second-largest EHR vendor after Epic Systems. However, Oracle’s EHR efforts have faced ongoing challenges, particularly with its federal contracts.
The Department of Veterans Affairs (VA) paused its EHR deployment in 2023 due to persistent concerns about patient safety, which stemmed from software issues predating Oracle’s acquisition of Cerner.
Read also: Which federal agencies must use HIPAA compliant email?
What was said
In a statement to CNBC, a CHS spokesperson said, “Despite this being a major outage, our hospitals were able to maintain services with no material impact. We are proud of our clinical and support teams who worked through the multi-day outage with professionalism and a commitment to delivering high-quality, safe patient care.”
By the numbers
- Oracle acquired Cerner in 2022 for $28.3 billion
- CHS operates 72 hospitals in 14 states
- 45 hospitals were impacted according to Becker’s Hospital Review.
Why it matters
For healthcare providers, these disruptions could reinforce concerns about transitioning to or continuing with Oracle’s EHR solutions.
EHR systems maintain a patient’s medical history and are used for accurate, timely, and secure patient care. A prolonged outage threatens continuity of care and increases operational risks, like medical errors and delayed treatments. Relying on paper during outages can also pose compliance risks if not handled according to the guidelines of the Health Insurance Portability and Accountability Act (HIPAA).
Learn more: How EHRs, AI, and secure communication can improve patient care
FAQs
Did the Oracle-CHS outage involve a HIPAA violation?
There’s no current indication that HIPAA was violated. The outage was caused by an internal error, not a data breach or cyberattack.
Can a service outage be a HIPAA violation?
Not always. If no patient information is exposed or improperly accessed, it may not violate HIPAA.
Does HIPAA require hospitals to notify patients of an outage?
Operational outages without breaches generally do not require patient notification under HIPAA, unless individuals’ protected health information (PHI) was compromised.
