- Oracle Health has potentially suffered a second data breach
- Such an incident could affect sensitive patient data
- Oracle has not yet confirmed the scale of the breach
Oracle Health has denied that threat actors stole sensitive patient data in two separate data breaches, leaving millions of customers potentially at risk.
The company had previously denied any breach after a hacker claimed to have six million files belonging to the company, but now a second incident seems to have led to a separate breach.
The company has not yet commented on the compromises, but BleepingComputer has now seen private communications sent to affected customers which confirm that patient data has been stolen.
Sensitive data stolen
The attack used compromised customer credentials to breach servers and legacy Cerner data migration servers shortly after January 22, 2025, and the company was informed of the breach on February 20, 2025.
Reports have confirmed that patient information was included in the data stolen in the attack and that the company will help identify the affected users. It is not clear whether this was the result of a ransomware attack or only data exfiltration, and it is not yet known how the customer credentials were obtained.
The attacker, who goes by “Andrew”, has not claimed any affiliation with ransomware or hacking groups, and is demanding millions of dollars in cryptocurrency to stop the sale or leak of the exfiltrated information.
Health care organizations are increasingly threatened by cyberattacks, particularly given the sensitive nature of the data they collect and their often limited cybersecurity budgets.
In fact, a 2024 breach at the insurance company United Healthcare affected nearly 200 million patients.
Given that a data breach containing personally identifiable information such as this would put the exposed individuals at serious risk of identity theft or fraud, Oracle Health has apparently offered to pay for credit monitoring services for those affected.
“As cybersecurity leaders, we are responsible for strong cyber hygiene: continuously monitoring our environments for unusual activity, taking advantage of cyber threat intelligence to stay ahead of emerging risks, and allowing employees to be our human firewall,” said Pierre Noel, Field CISO EMEA at Expel.
“No system is completely impenetrable, but understanding our landscape defenses and risk superposition can make it much more difficult for attackers to succeed. Cyber-resilience begins with us.”