Hackers infiltrated Oracle Corp.'s computer systems and stole patient data in an effort to extort several U.S. medical providers, according to a source familiar with the situation and a notification the software company sent to its clients.

Earlier this month, Oracle informed certain healthcare customers that hackers had accessed company servers and copied patient data to an external location sometime after January 22, according to a notification reviewed by Bloomberg News. Oracle provides software for managing patient records to hospitals, physician groups, and other medical organizations.

Figure 1. Oracle Alerts Healthcare Clients to Data Breach

The FBI is investigating the breach, as well as the cybercriminals' attempts to extort medical companies for ransom, said a source who requested anonymity due to the ongoing nature of the investigation [1]. Figure 1 shows Oracle Alerts Healthcare Clients to Data Breach.

The number of patient records stolen remains unknown, as does the total number of healthcare providers targeted for extortion.

Oracle, headquartered in Austin, Texas, did not immediately respond to a request for comment. An FBI spokesperson also declined to comment.

In 2022, Oracle acquired electronic health records provider Cerner Corp. for $28 billion, aiming to modernize its legacy software by transitioning customers to the cloud. Cerner's clients include major hospital networks, small clinics, and government-run facilities. The acquisition also included a $16 billion contract with the U.S. Department of Veterans Affairs, which has faced significant outages and scrutiny from lawmakers.

Oracle informed customers that hackers had accessed older Cerner servers, stealing data that had not yet been migrated to Oracle's cloud storage service, according to the notice [2]. "Available evidence suggests the threat actor illegally accessed the environment by using stolen customer credentials," the company stated. Oracle became aware of the breach around February 20.

The notice indicated that the stolen data might include patient information from electronic medical records. A person familiar with the breach confirmed that the stolen material contained recent patient records.

"Oracle will support your organization in its review of information to identify impacted patients," the company assured its clients.

A spokesperson for the Department of Veterans Affairs stated that the department was not affected by the incident.

The cybersecurity publication Bleeping Computer was among the first to report some details of the cyberattack.

References:

1. https://www.theregister.com/2025/03/30/infosec_news_in_brief/
2. https://techxplore.com/news/2025-03-oracle-health-customers-patient-breach.html

Cite this article:

Janani R (2025), Oracle Alerts Healthcare Clients to Patient Data Breach, AnaTechMaz, pp.120