Oracle Health breach compromises patient data at US hospitals

A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.

Oracle Health has not yet publicly disclosed the incident, but in private communications sent to impacted customers and from conversations with those involved, BleepingComputer confirmed that patient data was stolen in the attack.

Oracle Health, formerly known as Cerner, is a healthcare software-as-a-service (SaaS) company offering Electronic Health Records (EHR) and business operations systems to hospitals and healthcare organizations. After being acquired by Oracle in 2022, Cerner was merged into Oracle Health, with its systems migrated to Oracle Cloud.

In a notice sent to impacted customers and seen by BleepingComputer, Oracle Health said it became aware of a breach of legacy Cerner data migration servers on February 20, 2025.

"We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud," reads a notification sent to impacted Oracle Health customers.

Oracle says that the threat actor used compromised customer credentials to breach the servers sometime after January 22, 2025, and copied data to a remote server. This stolen data may have included patient information from electronic health records.

However, multiple sources told BleepingComputer that it was confirmed that patient data was stolen during the attack.

Oracle Health is also telling hospitals that they will not notify patients directly and that it is their responsibility to determine if the stolen data violates HIPAA laws and whether they are required to send notifications.

However, the company says they will help identify impacted individuals and provide templates to help with notifications.

It is not known if ransomware was deployed in the attack or if it was purely data theft, with BleepingComputer told that the details of the attack were not shared with customers.

Furthermore, it is unclear how a customer's credentials could have allowed the theft of data from multiple organizations.

Sources have told BleepingComputer that the impacted hospitals are being extorted by an individual threat actor going by the name "Andrew", who has not claimed affiliation with any known ransomware or extortion groups.

The threat actor is demanding millions of dollars in cryptocurrency to prevent the leak or sale of stolen data and has created clearnet websites about the breach as a way to pressure the hospitals.

BleepingComputer first contacted Oracle Health about this incident on March 4th but received no responses to our questions.

While the breach and theft of patient data have become a nightmare for the impacted organizations, BleepingComputer was told that Oracle's lack of transparency has also been extremely frustrating.

In conversations with numerous sources, BleepingComputer learned that all formal communication was sent on plain paper rather than Oracle letterhead, nor has the company formally acknowledged the breach as expected.

The notification seen by BleepingComputer was not on official letterhead but was signed by Seema Verma, the Executive Vice President & GM of Oracle Health.

Furthermore, rather than providing written reports, Oracle Health has reportedly directed customers to communicate only with its Chief Information Security Office (CISO) over the phone and not via email.

This approach has left hospitals without proper documentation or clear guidance on responding to the security breach.

While Oracle Health has agreed to pay for credit monitoring services and the mailing vendor for patient notification, BleepingComputer was told the company is not willing to send it on behalf of the impacted hospitals.

The disclosure of this incident comes soon after reports of an alleged breach of Oracle Cloud's federated SSO login servers, in which a threat actor claimed to steal the LDAP authentication data for 6 million people. As proof of the attack, the threat actor shared an archived copy of a file uploaded to one of Oracle's login servers that contained their email address.

While Oracle denied that it had suffered a breach, BleepingComputer was told that samples of the stolen data shared with customers were confirmed to be valid.

Update: Added information to the first section about the ongoing extortion of hospitals.

Copyright 2003-2025 Bleeping Computer LLC. All Rights Reserved.