Oracle Health suffers major breach, hospital data potentially exposed

• Oracle Health has potentially suffered a second data breach
• Any such incident could affect sensitive patient data
• Oracle has not yet confirmed the scale of the breach

Oracle Health has denied having had sensitive patient data stolen by threat actors in two separate data breaches, leaving millions of customers potentially at risk.

The company had previously denied any breach after a hacker claimed to hold six million records belonging to the company but now a second incident appears to have led to a separate breach.

The company hasn’t yet commented on the compromises, but BleepingComputer has now reportedly seen private communications sent to impacted customers which confirm patient data was stolen.

Sensitive stolen data

The attack used compromised customer credentials to breach servers, and the legacy Cerner data migration servers sometime after January 22 2025, and the firm was made aware of the breach on February 20, 2025.

Reports confirmed patient information was included in the information stolen in the attack, and that the company will help identify the affected users. It’s not clear if this was the result of a ransomware attack, or if this was just data exfiltration, and it's also as yet unknown how the customer credentials were obtained.

The attacker, going by the name “Andrew”, has not claimed affiliation with any ransomware or hacking groups, and is demanding millions of dollars in cryptocurrency to stop the sale or leak of the exfiltrated information.

Healthcare organizations are increasingly at risk from cyberattackers, especially given the sensitive nature of the data they collect, and the often limited budgets for cybersecurity.

In fact, a 2024 breach of insurance firm United Healthcare impacted almost 200 million patients.

Since a data breach containing personally identifiable information such as this would put those exposed at serious risk of identity theft or fraud, Oracle Health has apparently offered to pay for credit monitoring services for those impacted.

"As cybersecurity leaders, we’re responsible for strong cyber hygiene: continuously monitoring our environments for unusual activity, leveraging cyber threat intelligence to stay ahead of emerging risks, and empowering employees to be our human firewall," commented Pierre Noel, Field CISO EMEA at Expel.

"No system is completely impenetrable, but understanding our risk landscape and layering defenses can make it much harder for attackers to succeed. Cyber resilience starts with us."

You might also like

• Take a look at our picks for the best malware removal software around
• Check out our choice for best antivirus software
• One of the most powerful ransomware hacks around has been cracked using some serious GPU power