- Oracle Health has potentially suffered a separate data breach
- Any such event may affect sensitive patient data
- Oracle has not yet confirmed the extent of the breach
Oracle Health has denied having had sensitive patient data stolen by threat actors in two separate data breaches, leaving millions of customers potentially at risk.
The company had previously denied any breach after a hacker claimed to hold six million items belonging to the company, but now another event seems to have led to a separate breach.
The company has not yet commented on the compromises, but BleepingComputer has now reportedly seen private communications sent to affected customers confirming that patient data was stolen.
Sensitive stolen data
The attack used compromised customer credentials to breach servers, including the legacy Cerner data migration servers, sometime after 22 January 2025, and the company was made aware of the breach on February 20, 2025.
Reports confirmed that patient information was included in the data stolen in the attack and that the company will help identify the affected users. It is not clear whether this was the result of a ransomware attack or whether it was data exfiltration only, and it is also still unknown how the customer's credentials were obtained.
The attacker, who goes by the name "Andrew", has not claimed affiliation with any ransomware or hacking group and is demanding millions of dollars in cryptocurrency to stop the sale or leak of the exfiltrated information.
Healthcare organizations are increasingly at risk from cyberattackers, especially given the sensitive nature of the data they collect and their often limited budgets for cyber security.
In fact, a 2024 breach of the healthcare insurance company United Healthcare affected almost 200 million patients.
Since a data breach containing personally identifiable information like this would expose those affected to a serious risk of identity theft or fraud, Oracle Health has apparently offered to pay for credit monitoring services for them.
“As cyber security leaders, we are responsible for strong cyber hygiene: continuously monitoring our environments for unusual activity, utilizing cyber threat information to keep in front of new risks, and allowing employees to be our human firewall,” commented Pierre Noel, Field CISO EMEA at Expel.
“No system is completely impervious, but understanding our risk landscape and layering defense can make it much harder for attackers to succeed. Cyber resilience starts with us.”