Oracle Health Hit by Data Breach, Patient Data Possibly Compromised

The incident is the latest in a growing list of third-party vendors suffering from cyberattacks.

By Jeff Wardon, Jr., Assistant Editor


Oracle Health fell victim to a data breach that is now rippling across healthcare organizations.  

The attack occurred after a hacker stole patient data from legacy Cerner servers that hadn’t been migrated to Oracle Cloud, BleepingComputer reports. The attack was detected on February 20, 2025, and was carried out using compromised customer credentials sometime after January 22, 2025. The stolen data may have included patient records.

The hacker, using the alias "Andrew," is extorting hospitals for millions in cryptocurrency and has created public websites about the breach, BleepingComputer reports. It is unclear whether ransomware was involved. 

According to The HIPAA Journal, Oracle has yet to make an official statement regarding the breach, but people familiar with the matter have said that the company has reached out to healthcare providers whose information may have been compromised.  


The healthcare industry currently makes up 41.2 percent of third-party breaches, according to a Black Kite report. Reliance on vendors to handle a high value of patient data has largely been to blame for the increase in attacks. Because of this, cyber criminals have deemed that healthcare facilities are often willing to “pay more,” Eric O’Neill, former counterterrorism and counterintelligence operative for the FBI, previously told Healthcare Facilities Today.

“They are perceived as generally paying because patient care suffers when systems go down,” says O’Neill. “Cyber attackers also know that the healthcare industry maintains very critical data that can cause massive reputation-related harm and severe downstream damage in identity theft. Because of this, they're perceived as being more likely to pay to get their data back or for the cybercriminal to destroy the data and not publish it on the dark web.” 

Additionally, the U.S. government has extended the national emergency for cyberattacks from foreign sources for another year beyond April 1, 2025, according to the Federal Register. The declaration originally came on April 1, 2015, due to the growing threat of such attacks. Since then, several executive orders have been issued to address the problem due to cyber threats posing a risk to national security, foreign policy and the economy. 

Jeff Wardon, Jr., is the assistant editor for the facilities market. 



April 3, 2025


Topic Area: Information Technology, Security

