Oracle under fire to handle separate security incidents
Tech Giant Oracle faces criticism for how it handles two seemingly different data breaches.
It appears that at least one is still unfolding despite Oracle reportedly denying the violation. The other is related to a breach of patient data under Oracle Health, a healthcare subsidiary of Tech Giant.
Oracle did not respond to requests for comment on the two TechCrunch cases.
Oracle Health Breach affects patient data according to reports
This violation involves recently disclosed Oracle Health. OracleHealth provides the technology to hospitals and other healthcare providers with access to their health records online. Oracle Health is a unit combined with Cerner, an e-health record company that Oracle acquired for $28 billion in 2022.
Bloomberg and Bleeding Computer Last week we reported that violations affect patient data, but it is unclear exactly what types of data have been stolen and what organizations and businesses using Oracle Health are affected.
According to the publication, Oracle notified medical customers in March of violations that occurred earlier this year.
inquiry
Do you have any details about these two Oracle violations? From unprocessed devices and networks, you can safely contact Lorenzo Franceschi-Bicchierai via signal +1 917 257 1382 or via Telegram and Keybase @lorenzofb. Email. You can also contact us via TechCrunch securerop.
“We are pleased to announce that we noticed a cybersecurity event on or around February 20, 2025, including unauthorized access to Cerner data on older legacy servers that have not yet migrated to Oracle Cloud.”
Citing multiple sources, news sites report hackers are trying to force the affected hospitals, reportedly demanding millions of dollars.
Oracle employees asked them to remain anonymous as they were not allowed to speak to the media, but told TechCrunch that even their own employees were not very transparent.
“My team has not been able to access our clients’ environment for several days. My concern is not just patient data breach. Access through the host allows all access to what is hosted,” the employee said. “Some customers host other applications like HR and Finance. However, we don’t know if they’ve accessed hackers (-) or not.”
Employees said they have to look at Reddit and the internal slack channel and “even realizing that something is being seen.”
The employee said, “I felt very ignored,” and described the situation as follows:
However, the employee also said that on March 4th, the team given the language to communicate with clients saw in Slack that “we will investigate the issues you are experiencing.”
Oracle denies cloud violations despite increasing evidence
Other separate violations include Oracle Cloud servers. And again, Oracle is not very clear about what happened.
Earlier this month, hacker Rose87168, who uses an online handle, posted to the Cybercrime Forum, which provides data for six million Oracle Cloud customers, including authentication data and encrypted passwords. It has been reported at that time.
Rose87168 was uploaded to prove that they violated Oracle Text file containing online handles It was hosted on an Oracle Cloud server.
Since then, Several Oracle customers have confirmed The data samples shared by hackers look authentic and point to further evidence of Oracle’s violations.
Oddly, Oracle denied that there was a violation.
“There were no violations of Oracle Cloud. The published credentials are not for Oracle Cloud. Oracle Cloud customers did not experience violations or lose data,” Oracle told the publication.
But not everyone is sure.
“This is a serious cybersecurity incident that affects customers, an Oracle-managed platform,” says Kevin Beaumont, a cybersecurity expert. I wrote it in a blog post Analyze suspected Oracle Cloud violations. “Oracle is trying Wordsmith statements around Oracle Cloud and trying to use very specific words to avoid responsibility. This isn’t ok.”
“Oracles need to be clear and openly informed of what happened, how it affects their customers and what they’re doing about it. It’s a matter of trust and responsibility. Step up, Oracle – the customer should step up,” Beaumont said.
Commenting on one of the Oracle violations, cybersecurity expert Lisa Forte I wrote it on Bluesky It says, “If this is going to be true and you’re having a hard time seeing how it isn’t, this is a very bad look.”