Oracle Health breach compromises patient data at US hospitals

In a notice sent to impacted customers and seen by BleepingComputer, Oracle Health said it became aware of a breach of legacy Cerner data migration servers on February 20, 2025. Oracle Health has not yet publicly disclosed the incident, but in private communications sent to impacted customers and from conversations with those involved, BleepingComputer confirmed that patient data was stolen in the attack. "We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud," reads a notification sent to impacted Oracle Health customers. A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. While Oracle Health has agreed to pay for credit monitoring services and the mailing vendor for patient notification, BleepingComputer was told the company is not willing to send it on behalf of the impacted hospitals. While Oracle denied that it had suffered a breach, BleepingComputer was told that samples of the stolen data shared with customers were confirmed to be valid. While the breach and theft of patient data have become a nightmare for the impacted organizations, BleepingComputer was told that Oracle's lack of transparency has also been extremely frustrating. The disclosure of this incident comes soon after reports of an alleged breach of Oracle Cloud's federated SSO login servers, in which a threat actor claimed to steal the LDAP authentication data for 6 million people. Oracle says that the threat actor used compromised customer credentials to breach the servers sometime after January 22, 2025, and copied data to a remote server. Oracle Health is also telling hospitals that they will not notify patients directly and that it is their responsibility to determine if the stolen data violates HIPPA laws and whether they are required to send notifications. Oracle Health, formerly known as Cerner, is a healthcare software-as-a-service (SaaS) company offering Electronic Health Records (EHR) and business operations systems to hospitals and healthcare organizations. In conversations with numerous sources, BleepingComputer learned that all formal communication was sent on plain paper rather than Oracle letterhead, nor has the company formerly acknowledged the breach as expected. The notification seen by BleepingComputer was not on official letterhead but was signed by Seema Verma, the Executive Vice President & GM of Oracle Health. BleepingComputer contacted Oracle Health about this incident and the concerns of its customers and will update this story if we receive a reply. Furthermore, rather than providing written reports, Oracle Health has reportedly directed customers to communicate only with its Chief Information Security Office (CISO) over the phone and not via email.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 28 Mar 2025 14:15:05 +0000


Cyber News related to Oracle Health breach compromises patient data at US hospitals

Hospitals Must Treat Patient Data and Health With Equal Care - COMMENTARY. Hospitals are in the crosshairs: As collectors of some of the most personal and sensitive data available, hospitals are a prime target for hackers and cyberattacks. Patient data needs to be treated with as much care and sensitivity as the ...
1 year ago Darkreading.com
Oracle Health breach compromises patient data at US hospitals - In a notice sent to impacted customers and seen by BleepingComputer, Oracle Health said it became aware of a breach of legacy Cerner data migration servers on February 20, 2025. Oracle Health has not yet publicly disclosed the incident, but in ...
2 months ago Bleepingcomputer.com
Capital Health Hospitals hit by cyberattack causing IT outages - Capital Health hospitals and physician offices across New Jersey are experiencing IT outages after a cyberattack hit the non-profit organization's network earlier this week. The healthcare system manages two hospitals, an outpatient facility in ...
1 year ago Bleepingcomputer.com DAIXIN
Cybersecurity in the Healthcare Industry: Protecting Patient Data - In the rapidly advancing era of technology, the healthcare industry faces a critical challenge: protecting patient data from cyber threats. This article will emphasize the significance of cybersecurity in the healthcare industry and explore the ...
1 year ago Securityzap.com
The Technology That's Remaking OU Health into a Top-Tier Medical Center - This, along with our desire to replace our electronic health record and revenue cycle system, contributed to OU Health's decision to completely overhaul our IT infrastructure in support of our long-term organizational needs. OU Health strives to ...
1 year ago Feedpress.me
Randolph Health Announces Data Breach Stemming from Breached Employee Email Account - On April 10, 2024, American Healthcare Systems LLC d/b/a Randolph Health filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party accessed a Randolph ...
1 year ago Jdsupra.com
Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn - Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children's hospital, and that the U.S. government is doing too little prevent such breaches. ...
1 year ago Securityweek.com
SW Ontario hospitals confirm patient data compromised in cyberattack - As the fallout from last week's cyberattack against five southwestern Ontario hospitals continues to spread, the organizations confirmed Tuesday that patient information was stolen and they now fear the blackmailers might publish it online. TransForm ...
1 year ago Windsorstar.com
1 million Corewell Health patients could be impacted by second data breach - GRAND RAPIDS, MI - About one million Corewell Health patients in southeast Michigan may have had their personal and medical information exposed in yet another nationwide data breach. Michigan Attorney General Dana Nessel on Tuesday, Dec. 26, ...
1 year ago Mlive.com
Tri-City Medical Center in Oceanside hit by cybersecurity attack - Tri-City Medical Center is diverting ambulance traffic to other hospitals Thursday as it copes with a cybersecurity attack that has forced it to declare "An internal disaster" as workers scramble to contain the damage and protect patient records. The ...
1 year ago Sandiegouniontribune.com Noescape
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
7 months ago Aws.amazon.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
1 year ago Securityboulevard.com
Innovative Legal Move Restores Hospital's Stolen Information - There has been a handover of patient data stolen by the notorious LockBit gang from a cloud computing company to a New York hospital alliance that is partnered with that company. There was a lawsuit filed by the North Star Health Alliance - a group ...
1 year ago Cysecurity.news LockBit
Oracle privately confirms Cloud breach to customers - This comes after a threat actor (known as rose87168) put up for sale 6 million data records on BreachForums on March 20 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the ...
1 month ago Bleepingcomputer.com
Oracle privately confirms Cloud breach to customers - This comes after a threat actor (known as rose87168) put up for sale 6 million data records on BreachForums on March 20 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the ...
1 month ago Bleepingcomputer.com
Feds cough up 'voluntary' cybersecurity goals for hospitals The Register - Plus, you're going to be in for a world of hurt when new regulations - which will very likely mirror these voluntary practices - take effect, according to Taylor Lehmann, a director in Google Cloud's Office of the Chief Information Security Officer. ...
1 year ago Go.theregister.com
How Hospitals Can Help Improve Medical Device Data Security - COMMENTARY. Hospitals and medical device manufacturers must team up to help create a secure environment to protect the personal health information derived from patient monitors and other medical devices. For some time, this notion of shared ...
1 year ago Darkreading.com
New Jersey, Pennsylvania hospitals affected by cyberattacks - Hospitals in New Jersey and Pennsylvania are dealing with the ramifications of cyberattacks this week following several similar incidents that took place during the Thanksgiving holiday. This week, Capital Health said it is experiencing network ...
1 year ago Therecord.media
Welltok Data Breach: 8.5M US Patients' Information Exposed - In a recent cybersecurity incident, Welltok, a leading healthcare Software as a Service provider, reported unauthorized access to its MOVEit Transfer server, affecting the personal information of approximately 8.5 million patients in the United ...
1 year ago Securityboulevard.com
Hospitals ask courts to force cloud storage firm to return stolen data - Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack and now stored on the servers of a Boston cloud storage company. Carthage Area Hospital and Claxton-Hepburn Medical Center have ...
1 year ago Bleepingcomputer.com LockBit Akira
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
1 year ago Securityzap.com
Oracle says "obsolete servers" hacked, denies cloud breach - BleepingComputer has also separately confirmed with multiple Oracle customers that samples of the leaked data (including associated LDAP display names, email addresses, given names, and other identifying information) received from the threat actor ...
1 month ago Bleepingcomputer.com
Future Health: AI's Impact on Personalised Care in 2024 - As we dive into the era of incorporating Artificial Intelligence into healthcare, the medical sector is poised for a profound transformation. AI holds immense potential in healthcare, offering groundbreaking advancements in diagnostics, personalised ...
1 year ago Cysecurity.news
Ardent hospital ERs disrupted in 6 states after ransomware attack - Ardent Health Services, a healthcare provider operating 30 hospitals across six U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday. It had to take its entire network offline, notify law enforcement, and hire ...
1 year ago Bleepingcomputer.com
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
1 year ago Bleepingcomputer.com