Oracle Security Incidents: Under Fire for Handling

Oracle Confronts Scrutiny Over Multiple Data Security Incidents

Oracle, a leading technology corporation, is currently under fire due to its response to a pair of distinct, yet potentially connected, data breaches.

Ongoing Security Concerns

Evidence suggests that at least one of these security compromises remains active, even as Oracle publicly maintains that no breach occurred.

This denial has fueled further criticism and raised questions about the company’s transparency.

Breach Affecting Oracle Health

The second incident involves a confirmed breach of sensitive patient data managed by Oracle Health, the company’s healthcare-focused division.

This breach raises significant concerns regarding the privacy and security of protected health information.

Lack of Official Response

Despite inquiries from TechCrunch, Oracle has not provided any official statement or comment regarding either of these incidents.

This silence has amplified anxieties and speculation surrounding the scope and impact of the breaches.

The situation is developing, and further investigation is needed to fully understand the extent of the compromised data and the measures Oracle is taking to address these vulnerabilities.

Recent Data Breach Impacts Oracle Health Patients

Reports indicate a recent security incident involving Oracle Health, a key provider of technology solutions for hospitals and healthcare organizations. This technology facilitates online access to vital health records.

Oracle Health encompasses the former Cerner Corporation, a leading electronic health records company acquired by Oracle in 2022 for a substantial $28 billion.

According to reports from Bloomberg and Bleeping Computer, the breach has compromised patient data. The precise nature of the stolen data and the specific organizations affected remain currently unclear.

Oracle alerted select healthcare clients in March regarding a breach that occurred earlier in the year. Hackers reportedly gained access to Oracle servers and successfully extracted patient information, as detailed in the publications.

The notification, as reported by Bleeping Computer, stated: “We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud.”

Multiple sources suggest that a hacker is actively attempting to extort affected hospitals, with demands reportedly reaching into the millions of dollars.

A confidential Oracle employee, lacking authorization to address the press, shared with TechCrunch that the company’s internal communication has been lacking in transparency.

“For a number of days, my team was unable to access customer environments. My primary concern extends beyond the patient data breach itself. Access gained through these hosts potentially allows complete access to all hosted systems,” the employee explained. “Certain customers utilize these systems for other applications, such as HR and finance. It remains uncertain whether these were also compromised.”

The employee indicated that information regarding the incident was initially discovered through platforms like Reddit and internal Slack channels.

The situation was described by the employee as feeling “super ignored,” with a prevailing attitude of “Nothing to see here, move right along.”

However, the employee also noted that some teams received pre-approved communication language for client interactions on March 4th: “We will investigate the issue you are experiencing.”

Oracle Contests Cloud Security Breach Claims Amidst Growing Evidence

A separate security incident impacting Oracle Cloud servers is also under scrutiny. The company’s level of transparency regarding this event has been questioned.

Earlier this month, an individual utilizing the alias rose87168 advertised data purportedly belonging to 6 million Oracle Cloud users on a cybercrime forum. This data included authentication details and encrypted passwords, as initially reported by Bleeping Computer.

As proof of successful infiltration, rose87168 shared a text file containing their online identifier, which was demonstrably hosted on an Oracle Cloud server.

Subsequently, multiple Oracle customers have indicated that the data samples released by the hacker appear legitimate, further supporting the assertion of a breach within Oracle’s systems.

Despite this evidence, Oracle has issued a denial, stating that no breach occurred.

“No unauthorized access to Oracle Cloud has taken place. The credentials that have been publicized do not pertain to the Oracle Cloud environment. No Oracle Cloud customers have been affected by a breach or experienced data loss,” a statement from Oracle conveyed to the publication read.

However, skepticism persists regarding this claim.

“This represents a significant cybersecurity event with potential ramifications for customers utilizing a platform managed by Oracle,” cybersecurity analyst Kevin Beaumont explained in a blog post detailing his analysis of the alleged Oracle Cloud breach. “Oracle is employing careful wording in its statements to avoid accepting accountability. This approach is unacceptable.”

Beaumont further stated, “Oracle must provide a clear, open, and public account of the incident, outlining its impact on customers and the measures being taken to address it. Maintaining trust and fulfilling responsibility demands this. Oracle needs to act decisively, or customers may reconsider their reliance on the platform.”

Cybersecurity professional Lisa Forte commented on Bluesky regarding one of the reported breaches, noting that “should these reports prove accurate – and it is becoming increasingly difficult to envision a scenario where they do not – this reflects extremely poorly on Oracle.”