A recent cybersecurity incident at Oracle Health has significantly impacted several healthcare organizations across the United States, following the unauthorized access and theft of patient data from outdated legacy servers.
Understanding the Breach Impact
Despite the lack of an official public announcement, thorough investigations by BleepingComputer alongside private communications have confirmed the theft of sensitive patient data during this breach.
Oracle Health, which integrated with Cerner in 2022 to operate under Oracle’s expansive cloud services, discovered that their legacy Cerner data migration servers were compromised on February 20, 2025.
The perpetrators gained access using compromised customer credentials, subsequently transferring patient information from electronic health records to an external server.
Delayed Notifications and Further Complications
Oracle Health has advised impacted hospitals to handle patient notifications themselves, which has stirred controversy regarding compliance with HIPAA regulations and patient rights.
Further, while offering support to identify affected individuals and providing notification templates, Oracle has stated that it will not take direct action in notifying the patients, adding to the organizations’ burdens.
Details on whether ransomware was involved remain undisclosed, leaving the main motive as pure data theft.
Broader Concerns with Oracle’s Security Measures
This incident surfaces amidst other security concerns, including a purported breach of Oracle Cloud’s SSO servers reported earlier by BleepingComputer, where LDAP authentication data for 6 million users was allegedly stolen.
Although Oracle denied these allegations, the situation highlights ongoing security challenges facing the company.
Customer Reactions and Oracle’s Response
Frustration has grown among impacted organizations due to perceived transparency issues from Oracle. Most communications regarding the incident have been insufficiently formal, lacking the expected official protocols, such as the use of Oracle letterhead and clearer communication channels.
Oracle Health has limited interactions to phone communications through their Chief Information Security Office, avoiding written correspondence.
Despite agreeing to cover expenses for credit monitoring services and patient notification mailing vendors, Oracle Health has decided not to send these notifications themselves.
As this developing story unfolds, further updates will be provided if Oracle Health responds to ongoing inquiries and concerns.
Last Updated: March 28, 2025