Tech giant Oracle is facing criticism for how it’s handling two seemingly separate data breaches.
At least one of the incidents appears to still be unfolding, despite Oracle reportedly denying a breach at all. The other relates to a breach of patient data under the tech giant’s healthcare subsidiary, Oracle Health.
Oracle did not respond to TechCrunch’s request for comment about the two incidents.
Oracle Health breach affects patient data, per reports
The breach disclosed most recently involves Oracle Health, which provides hospitals and other healthcare providers with technology to access health records online. Oracle Health is a unit that was combined with Cerner, an electronic health records company that Oracle acquired in 2022 for $28 billion.
Bloomberg and Bleeping Computer reported last week that the breach affects patient data, although it’s unclear exactly what kinds of data were stolen, nor which organizations and companies that use Oracle Health are affected.
Oracle notified some of its healthcare customers in March of a breach that happened sometime earlier this year, in which hackers accessed Oracle servers and stole patient data, according to the publications.
Contact Us
Do you have more information about these two Oracle breaches? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
“We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud,” read the notification sent to some Oracle Health customers, according to Bleeping Computer.
Citing multiple sources, the news site reported that a hacker is trying to extort affected hospitals, reportedly demanding millions of dollars.
An Oracle employee, who asked to remain anonymous, as they were not authorized to speak to the press, told TechCrunch that the company hasn’t been very transparent even with its own employees.
“My team was not able to access customers’ environments for a number of days. My concern is not just with patient data breach. Access through hosts allows any and all access to what is hosted, obviously,” said the employee. “Some customers host other applications like HR and finance. I don’t know if it was hacker[-]accessed though.”
The employee said they had to look at Reddit and internal Slack channels “to even figure out something was being looked at.”
The employee said they “felt super ignored,” describing the situation as: “Nothing to see here, move right along.”
The employee, however, also said that they saw on Slack that some teams were given language to communicate with clients on March 4: “We will investigate the issue you are experiencing.”
Oracle denies cloud breach, despite mounting evidence
The other separate breach involves Oracle Cloud servers. And in this case, too, Oracle is not being very transparent about what happened.
Earlier this month, a hacker going by the online handle rose87168 posted on a cybercrime forum offering the data of 6 million Oracle Cloud customers, including authentication data and encrypted passwords, as Bleeping Computer reported at the time.
To prove that they breached Oracle, rose87168 uploaded a text file containing their online handle that was hosted on an Oracle Cloud server.
Since, several Oracle customers have confirmed that data samples shared by the hacker appear genuine, pointing to further evidence of a breach at Oracle.
Strangely, Oracle denied that there was a breach at all.
“There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data,” Oracle told the publication.
But not everyone is convinced.
“This is a serious cybersecurity incident which impacts customers, in a platform managed by Oracle,” cybersecurity expert Kevin Beaumont wrote in a blog post analyzing the alleged Oracle Cloud breach. “Oracle are attempting to wordsmith statements around Oracle Cloud and use very specific words to avoid responsibility. This is not okay.”
“Oracle need to clearly, openly and publicly communicate what happened, how it impacts customers, and what they’re doing about it. This is a matter of trust and responsibility. Step up, Oracle — or customers should start stepping off,” said Beaumont.
Commenting on one of the alleged Oracle breaches, cybersecurity expert Lisa Forte wrote on Bluesky that “if this ends up being true, and I struggle to see how it won’t, this is a very very bad look.”
