Oracle Health breach compromises patient data at US hospitals

March 29, 2025

Oracle publicly denied, denied, denied having a breach of Oracle Cloud after someone put data up for sale, but while the company was publicly denying any breach, its customers and researchers were confirming that there had been one. Now we learn that Oracle Health had been telling some hospitals and healthcare clients that there had been a breach of legacy Cerner data. BleepingComputer reports:

In a notice sent to impacted customers and seen by BleepingComputer, Oracle Health said it became aware of a breach of legacy Cerner data migration servers on February 20, 2025.

“We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud,” reads a notification sent to impacted Oracle Health customers.

Oracle says that the threat actor used compromised customer credentials to breach the servers sometime after January 22, 2025, and copied data to a remote server. This stolen data “may” have included patient information from electronic health records.

However, multiple sources told BleepingComputer that it was confirmed that patient data was stolen during the attack.

And if their incident response wasn’t already down in the basement for their public denials, they are not going to be notifying any affected patients, it seems:

Oracle Health is also telling hospitals that they will not notify patients directly and that it is their responsibility to determine if the stolen data violates HIPAA laws [sic] and whether they are required to send notifications.

However, the company says they will help identify impacted individuals and provide templates to help with notifications.

Read more at BleepingComputer.

Confusion continues to abound. Is the Cerner breach that Oracle Health disclosed the same incident as the Oracle Cloud breach claimed by a user on a hacking forum who is offering data for sale? This post will be updated as more information becomes available.

This post was updated post-publication to try to distinguish the Cerner data breach from the claimed Oracle Cloud incident.