Oracle Health customers notified of data compromise, reports say

One breach is said to have impacted legacy Oracle Health servers; another has allegedly affected millions of records accessed via Oracle Cloud.

Reports over the weekend indicated that Oracle has experienced two separate data breaches in recent months, one affecting Oracle Health customers and another said to result from an exploit targeting Oracle Cloud login servers.

Oracle has so far not publicly commented on the Oracle Health breach (which is reportedly under FBI investigation) and has not yet responded to an inquiry from Healthcare IT News. The company has also denied that the Oracle Cloud breach, which is alleged to impact as many as 6 million records, even occurred.

Oracle Health

According to a March 28 report from Bleeping Computer, some hospitals and other healthcare clients have received a letter from Seema Verma, executive vice president and general manager of Oracle Health, notifying them that the company learned of a compromise of legacy Cerner data migration servers this past month.

Oracle acquired Cerner in 2022 for more than $28 billion.

"We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud," the notification reads, according to Bleeping Computer.

Bleeping Computer reports that the letter, written on plain paper rather than Oracle letterhead, indicates electronic health records information could be among the data that was breached. These customers have been told it's up to them to assess whether the theft of the data constitutes a HIPAA violation, but that the company will help them with patient notifications.

Affected customers are also reportedly being told to contact Oracle Health’s security team by phone, rather than email.

Oracle Cloud

Meanwhile, another report this past week suggests that millions of records may have been compromised after an alleged breach of Oracle Cloud federated SSO login servers.

According to Bleeping Computer, an online account claims to have gained access to the data, including authentication data and encrypted passwords of as many as 6 million users.

The bad actor claims to have stolen SSO and LDAP passwords – from more than 140,000 domains across companies and government agencies – that could be decrypted using information from the files.

But Oracle disputes those claims. "There has been no breach of Oracle Cloud," the company told the website. "The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data."

Despite that denial, some security researchers have said the evidence suggests otherwise.

Healthcare IT News has asked an Oracle spokesperson about both reported breaches and will update this story if we receive comment.

Mike Miliard is executive editor of Healthcare IT News
Email the writer: mike.miliard@himssmedia.com

Healthcare IT News is a HIMSS publication.