Aultman Health System Data Breach: Ohio Patients Face Serious Privacy Risks

In late December 2025, Aultman Health System—a prominent nonprofit healthcare provider in Canton, Ohio—began notifying thousands of patients about a significant cybersecurity incident. This Aultman Health System data breach in 2025 resulted from unauthorized access to systems managed by its third-party electronic health records vendor, Cerner Corporation (now part of Oracle Health).

As an experienced Ohio class action firm specializing in healthcare privacy violations, The Lyon Firm is actively monitoring this event and advising affected individuals on their legal options under federal and state laws.

What Led to the Aultman Data Breach?

The breach originated on January 22, 2025, when hackers gained entry to legacy Cerner servers that stored Aultman patient data. Cerner identified the intrusion in late February and initiated a forensic investigation with cybersecurity specialists. By mid-2025, they determined that intruders had copied sensitive files to an external location before access was cut off. Aultman received confirmation months later and delayed patient notifications until December 26, 2025, to avoid disrupting the ongoing law enforcement investigation.

Although Aultman’s active systems were not compromised, the vulnerable legacy platforms exposed a large volume of confidential records. This incident highlights ongoing weaknesses in outdated healthcare IT systems, particularly as cyberattacks on Ohio hospitals continue to increase.

What Patient Data Was Compromised?

The potential for an Ohio healthcare data breach lawsuit is substantial because of the highly sensitive nature of the stolen information. Hackers obtained the following data:

• Full names
• Social Security numbers
• Dates of birth
• Medical record numbers
• Treating physicians
• Diagnoses
• Prescribed medications
• Lab and test results
• Diagnostic images (X-rays, MRIs, etc.)
• Care plans and treatment details

With Aultman serving more than 700,000 patient visits annually, the breach may impact tens of thousands of individuals. This exposure increases risks of identity theft, fraudulent insurance claims, medical fraud, and blackmail. Patients should act quickly to protect themselves.

Legal Ramifications and Your Rights

HIPAA and Ohio’s consumer protection laws (ORC §1349.19) require healthcare organizations to protect protected health information (PHI) with strong encryption, access controls, and effective breach response procedures. If Cerner or Aultman failed to meet these standards—possibly by maintaining insecure legacy systems—affected individuals may pursue compensation through individual lawsuits or Cerner data breach Aultman class actions.

Recoverable damages can include:

• Out-of-pocket expenses (such as credit monitoring services)
• Emotional distress
• Statutory penalties (up to $1,500 per violation under certain Ohio laws)

Federal regulations, including the FTC Act, also require reasonable security measures. With healthcare cyberattacks rising sharply in Ohio, courts are increasingly holding both providers and vendors accountable.

Why Hire The Lyon Firm for Your Aultman Breach Claim

When your medical history is stolen, you need more than general advice—you need a proven advocate familiar with Ohio privacy laws. The Lyon Firm has recovered millions in healthcare data breach settlements, including class actions against major providers for HIPAA violations. Lead attorney Joe Lyon, with more than 20 years of complex litigation experience, has successfully challenged large corporations, uncovering systemic failures that cause breaches. Key advantages of working with The Lyon Firm include:

• Contingency fee structure—no fees unless we win
• We cover all investigation costs upfront, including forensic experts
• Personalized case handling, not high-volume settlement processing
• Focus on maximum recovery for identity theft, medical fraud, and related stress

If you received a notification letter about the recent protected health information breach, our team can help you evaluate whether to join emerging lawsuits or pursue an individual claim. Contact us today for a free, confidential review—protect your future and hold responsible parties accountable.