Oracle, a major player in the technology sector, is currently under scrutiny for its management of two distinct data breaches. One of these incidents, which Oracle has reportedly denied as a breach, seems to be ongoing. The other incident involves a breach within Oracle Health, the company’s healthcare subsidiary.
The recent breach associated with Oracle Health involves the disclosure of patient data. Oracle Health supplies technology to hospitals and various healthcare providers, enabling online access to health records. This unit merged with Cerner, an electronic health records company that Oracle acquired for $28 billion in 2022.
Bloomberg and Bleeping Computer have reported that patient data is affected by the breach, though specifics regarding the exact nature of the stolen data and the impacted organizations remain unclear. Oracle alerted some healthcare customers about the breach, which occurred earlier this year, involving unauthorized access to Oracle servers and theft of patient data.
An Oracle notification indicated that the company became aware of the cybersecurity event on or around February 20, 2025, and that it involved unauthorized access to Cerner data on a legacy server not yet migrated to Oracle Cloud. Bleeping Computer mentioned that a hacker has been attempting to extort affected hospitals, demanding substantial sums of money.
An anonymous Oracle employee expressed concerns over the company’s transparency, stating that employees were left out of the loop regarding customer environments. The employee said they needed to rely on unofficial sources like Reddit and Slack to piece together information. They also noted that some teams were directed to communicate with clients using standard language by March 4.
Meanwhile, the separate breach concerning Oracle Cloud servers has also raised transparency issues. A hacker known as rose87168 reportedly offered data from 6 million Oracle Cloud customers, including authentication data and encrypted passwords, on a cybercrime forum. To substantiate the claim, the hacker uploaded a text file to an Oracle Cloud server.
Despite denials from Oracle, several customers have confirmed the validity of data samples shared by the hacker. Oracle maintained that “no breach of Oracle Cloud” occurred and that published credentials were unrelated to its cloud services, yet some remain skeptical.
Cybersecurity expert Kevin Beaumont criticized Oracle’s handling of the situation, urging the company to be transparent regarding the incident, its impact on customers, and the steps being taken to address it. He emphasized the importance of trust and responsibility, suggesting that failure to act appropriately could lead to customer loss. Another cybersecurity expert, Lisa Forte, commented on Bluesky, expressing skepticism over Oracle’s denials, highlighting potential reputational damage if the breach allegations hold true.