CyberSecurity news
FlagThis
Dissent@DataBreaches.Net
//
A data breach at Oracle Health has impacted multiple healthcare organizations and hospitals across the United States. The breach involved a threat actor gaining unauthorized access to legacy servers and stealing patient data. The incident, which occurred on February 20, 2025, was initially discovered by Oracle Health, formerly known as Cerner, but has only recently been publicly disclosed by BleepingComputer on March 28, 2025, after Oracle Health failed to respond to requests for comments.
The compromised data includes sensitive information from electronic health records, single sign-on credentials, Lightweight Directory Access Protocol passwords, OAuth2 keys, and tenant data. It is believed that the breach was facilitated through the use of compromised customer credentials, aligning with known attack techniques. The implications for healthcare organizations are substantial, particularly concerning compliance with HIPAA regulations, and could lead to legal repercussions and financial penalties for affected entities.
Oracle Health is facing criticism for its lack of transparency regarding the incident. The company is reportedly telling hospitals that they will not notify patients directly, placing the responsibility on them to determine if the stolen data violates HIPPA laws. However, Oracle Health has committed to assisting in identifying impacted individuals and providing notification templates to help with notifications.
References :
The compromised data includes sensitive information from electronic health records, single sign-on credentials, Lightweight Directory Access Protocol passwords, OAuth2 keys, and tenant data. It is believed that the breach was facilitated through the use of compromised customer credentials, aligning with known attack techniques. The implications for healthcare organizations are substantial, particularly concerning compliance with HIPAA regulations, and could lead to legal repercussions and financial penalties for affected entities.
Oracle Health is facing criticism for its lack of transparency regarding the incident. The company is reportedly telling hospitals that they will not notify patients directly, placing the responsibility on them to determine if the stolen data violates HIPPA laws. However, Oracle Health has committed to assisting in identifying impacted individuals and providing notification templates to help with notifications.
Share:
References :
- bsky.app: Oracle Health breach compromises patient data at US hospitals
- BleepingComputer: A breach at Oracle Health impacts multiple U.S. healthcare organizations and hospitals after patient data was stolen from legacy servers.
- Rescana: Executive Summary: The Oracle Health data breach significantly impacted multiple US healthcare organizations and hospitals by...
- DataBreaches.Net: Oracle Health breach compromises patient data at US hospitals
Classification:
- HashTags: #Oracle #DataBreach #Healthcare
- Company: Oracle
- Target: US healthcare organizations and hospitals
- Product: Oracle Health
- Feature: Data Breach
- Type: DataBreach
- Severity: Major