Oracle under fire to process individual security incidents

Tech Giant Oracle is criticized for how it handles two seemingly separate data violations.

At least one of the incidents seems to be still unfolding, although Oracle denies a violation at all. The other refers to a violation of patients under the subsidiary of Tech Giant Healthcare, Oracle Health.

Oracle did not respond to TechCrunch’s request for a comment on the two incidents.

Oracle Health Breach affects patient data as reported

The disclosure, most recently discovered, includes Oracle Health, which provides hospitals and other health service providers technology to access health records online. Oracle Health is a unit that is combined with Cerner, an electronic health records company that Oracle acquired in 2022 for $ 28 billion.

Bloomberg and Brilliant computer It was reported last week that the violation is affecting patients’ data, although it is not clear exactly what types of data have been stolen or which organizations and companies that use Oracle Health.

Oracle informs some of its health customers in March about a violation that happened somewhere earlier this year, in which hackers have access to Oracle servers and stole patient data, according to publications.

“We write to inform you that on or around February 20, 2025, we learned about an event for cybersecurity, including unauthorized access to any amount of your Cerner data, which is on an old inherited server that has not yet migrated to the Oracle cloud,” read the announcement to some Oracle HEALT customers.

Referring to numerous sources, the news site said Hacker was trying to blackmail the affected hospitals, reporting that he was requiring millions of dollars.

An Oracle employee who asked to remain anonymous because they were not authorized to speak to the press, Tecchrunch told the company that the company was not very transparent even with its own employees.

“My team has failed to gain access to customer environments for several days. My three are not just in violation of patient data. “Some customers host other apps such as HR and Finance. I don’t know if he had access to a hacker (-).”

The employee said they need to look at Reddit and the internal weak channels, “to understand even something that is being watched.”

The employee said they “feel super ignored”, describing the situation as, “Nothing to see here, move exactly.”

However, the employee also said that on March 4, they saw Slack that some teams were given to communicate with clients: “We will investigate the problem you are experiencing.”

Oracle denies a cloud disorder despite the installation of evidence

Another individual violation includes Oracle Cloud servers. And in this case, Oracle is not very transparent to what happened.

Earlier this month, a hacker, which deals with the Rose87168 online handle, published in a cybercrime forum offering data to 6 million Oracle Cloud customers, including authentication and encrypted passwords such as bleeding computer reported At that time.

To prove they have violated Oracle, Rose87168 has been uploaded A text file containing their online handle This was hosted by Oracle Cloud Server.

Since, Several Oracle customers have confirmed These data samples shared by the hacker seem to be real, indicating additional evidence of Oracle violation.

It is strange that Oracle denied that there was a violation at all.

“There is no violation of Oracle Cloud. Posted powers are not for Oracle Cloud. No Oracle Cloud customer has had a violation or losses data,” Oracle told the publication.

But not everyone is convinced.

“This is a serious cybersecurity incident that affects customers in a platform managed by Oracle,” Cybersecurity Expert Kevin Bomont wrote in a blog post Analysis of the alleged violation of Oracle Cloud. “Oracle is trying to express Wordsmith around Oracle Cloud and use many specific words to avoid responsibility. It’s not right.”

“Oracle needs to be clearly, openly and publicly reporting what happened, how it affects customers and what they do about it. It’s a matter of trust and responsibility.

Commenting on one of Oracle’s alleged violations, cybersecurity expert Lisa Forte Written on Bluesky That “If this is ultimately true and I am struggling to see how not, it’s a very bad look.”