US patient data reportedly stolen following Oracle Health breach

  • 2 April 2025
  • A breach at Oracle Health has reportedly led to patient data in the US being stolen by a cyber criminal, BleepingComputer reports
  • In a notice sent to impacted customers, Oracle Health confirmed that it became aware of a breach of legacy Cerner data migration servers on 20 February 2025
  • Oracle Health previously denied claims that its public cloud was compromised

An alleged breach at Oracle Health has impacted multiple healthcare organisations and hospitals in the US after a cyber criminal reportedly stole patient data from legacy servers.

Oracle Health is yet to publicly disclose the incident, but BleepingComputer reported that it had seen private communications sent to customers that confirmed patient data was stolen in the attack.

The notice from Oracle Health to impacted customers said that the firm became aware of a breach of legacy Cerner data migration servers on 20 February 2025.

It said: “We are writing to inform you that, on or around 20 February 2025, we became aware of a cybersecurity event involving unauthorised access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud.”

Oracle said the threat actor used compromised customer credentials to breach the servers sometime after 22 January 2025, and copied data to a remote server. This stolen data “may” have included patient information from electronic health records (EHRs).

According to BleepingComputer, multiple sources confirmed that patient data was stolen during the attack.

Details of the attack were not shared with customers and it is not known if ransomware was deployed in the attack or if it was purely data theft.

It is also unclear how a customer’s credentials could have allowed the theft of data from multiple organisations.

Sources told BleepingComputer that the impacted hospitals are being extorted by an individual threat actor going by the name “Andrew” who has not claimed affiliation with any known ransomware or extortion groups.

Oracle Health, formerly known as Cerner, is a healthcare software-as-a-service (SaaS) company offering EHRs and business operations systems to hospitals and healthcare organisations.

After being acquired by Oracle in 2022, Cerner was merged into Oracle Health, with its systems migrated to Oracle Cloud.

Oracle had previously denied claims that its public cloud offering was compromised and had information stolen, after a threat actor advertised on an online cyber crime forum what was alleged to be Oracle Cloud customer security keys and other sensitive data.

A spokesperson for Oracle told The Register on 21 March 2025: “There has been no breach of Oracle Cloud.

“The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”

Digital Health News contacted Oracle Health but had not received a response at the time of publication.
