In a notice sent to impacted customers and seen by BleepingComputer, Oracle Health said it became aware of a breach of legacy Cerner data migration servers on February 20, 2025. Oracle Health has not yet publicly disclosed the incident, but in private communications sent to impacted customers and from conversations with those involved, BleepingComputer confirmed that patient data was stolen in the attack. "We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud," reads a notification sent to impacted Oracle Health customers.
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. While Oracle Health has agreed to pay for credit monitoring services and the mailing vendor for patient notification, BleepingComputer was told the company is not willing to send the notifications on behalf of the impacted hospitals.
While Oracle denied that it had suffered a breach, BleepingComputer was told that samples of the stolen data shared with customers were confirmed to be valid. While the breach and theft of patient data have become a nightmare for the impacted organizations, BleepingComputer was told that Oracle's lack of transparency has also been extremely frustrating. The disclosure of this incident comes soon after reports of an alleged breach of Oracle Cloud's federated SSO login servers, in which a threat actor claimed to have stolen the LDAP authentication data for 6 million people. Oracle says that the threat actor used compromised customer credentials to breach the servers sometime after January 22, 2025, and copied data to a remote server.
Oracle Health is also telling hospitals that it will not notify patients directly and that it is the hospitals' responsibility to determine if the stolen data violates HIPAA laws and whether they are required to send notifications. Oracle Health, formerly known as Cerner, is a healthcare software-as-a-service (SaaS) company offering Electronic Health Records (EHR) and business operations systems to hospitals and healthcare organizations. In conversations with numerous sources, BleepingComputer learned that all formal communication was sent on plain paper rather than Oracle letterhead, and that the company has not formally acknowledged the breach as expected. The notification seen by BleepingComputer was not on official letterhead but was signed by Seema Verma, the Executive Vice President & GM of Oracle Health. BleepingComputer contacted Oracle Health about this incident and the concerns of its customers and will update this story if we receive a reply. Furthermore, rather than providing written reports, Oracle Health has reportedly directed customers to communicate only with its Chief Information Security Office (CISO) over the phone and not via email.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 28 Mar 2025 14:15:05 +0000