Oracle under fire to handle separate security incidents

Tech Giant Oracle faces criticism for how it handles two seemingly different data breaches.

It appears that at least one is still unfolding despite Oracle reportedly denying the violation. The other is related to a breach of patient data under Oracle Health, a healthcare subsidiary of Tech Giant.

Oracle did not respond to requests for comment on the two TechCrunch cases.

Oracle Health Breach affects patient data according to reports

This violation involves recently disclosed Oracle Health. OracleHealth provides the technology to hospitals and other healthcare providers with access to their health records online. Oracle Health is a unit combined with Cerner, an e-health record company that Oracle acquired for $28 billion in 2022.

Bloomberg and the Bleeping Computer reported last week that violations would affect patient data, but it is unclear exactly what types of data have been stolen and what organizations and businesses using Oracle Health are affected.

According to the publication, Oracle notified medical customers in March of violations that occurred earlier this year.

“We are pleased to announce that we noticed a cybersecurity event on or around February 20, 2025, including unauthorized access to Cerner data on older legacy servers that have not yet migrated to Oracle Cloud.”

Citing multiple sources, news sites report hackers are trying to force the affected hospitals, reportedly demanding millions of dollars.

Oracle employees asked to remain anonymous. They were not allowed to speak to the press, so the company told TechCrunch that even its own employees were not very transparent.

“My team has not been able to access our clients’ environment for several days. My concern is not just patient data breach. Access through the host allows all access to what is hosted,” the employee said. “Some customers who host other applications like HR and Finance are not sure if they’re hackers or not.[-]But I accessed it. ”

Employees said they have to look at Reddit and the internal slack channel and “even realizing that something is being seen.”

The employee said, “I felt very ignored,” and described the situation as follows:

However, the employee also said that on March 4th, the team given the language to communicate with clients saw in Slack that “we will investigate the issues you are experiencing.”

Oracle denies cloud violations despite increasing evidence

Other separate violations include Oracle Cloud servers. And again, Oracle is not very clear about what happened.

Earlier this month, hackers using the online handle Rose87168 posted to the Cybercrime Forum, which provides data for six million Oracle Cloud customers, including authentication data and encrypted passwords.

To prove that they violated Oracle, Rose87168 uploaded a text file containing an online handle hosted on an Oracle Cloud server.

Since then, several Oracle customers have confirmed that the data samples shared by hackers look authentic and point to further evidence of Oracle’s violations.

Oddly, Oracle denied that there was a violation.

“There were no violations of Oracle Cloud. The published credentials are not for Oracle Cloud. Oracle Cloud customers did not experience violations or lose data,” Oracle told the publication.

But not everyone is sure.

“This is a serious cybersecurity incident that affects customers on an Oracle-managed platform,” cybersecurity expert Kevin Beaumont wrote in a blog post analyzing alleged violations of Oracle Cloud. “Oracle is trying Wordsmith statements around Oracle Cloud and trying to use very specific words to avoid responsibility. This isn’t ok.”

“Oracles need to be clear and openly informed of what happened, how it affects their customers and what they’re doing about it. It’s a matter of trust and responsibility. Step up, Oracle – the customer should step up,” Beaumont said.

Commenting on one of the Oracle violations, cybersecurity expert Lisa Forte wrote to Bruski, “If you’re struggling to see that this is a real, and not, this is a very bad look.”