Oracle Health Hit by Data Breach, Patient Data Possibly Compromised

The incident is the latest in a growing list of third-party vendors suffering from cyberattacks.

By Jeff Wardon, Jr., Assistant Editor


Oracle Health fell victim to a data breach that is now rippling across healthcare organizations.  

The attack occurred after a hacker stole patient data from legacy Cerner servers that hadn’t been migrated to Oracle Cloud, BleepingComputer reports. The attack was detected on February 20, 2025, and was carried out via use of compromised customer credentials sometime after January 22, 2025. Data that was stolen may have included patient records. 

The hacker, using the alias "Andrew," is extorting hospitals for millions in cryptocurrency and has created public websites about the breach, BleepingComputer reports. It is unclear whether ransomware was involved. 

According to The HIPAA Journal, Oracle has yet to make an official statement regarding the breach, but people familiar with the matter have said that the company has reached out to healthcare providers whose information may have been compromised.  

Related Content: Third-Party Vendors and Networks Pose Risks for Healthcare Cybersecurity

The healthcare industry currently makes up 41.2 percent of third-party breaches, according to a Black Kite report. Reliance on vendors to handle a high value of patient data has largely been to blame for the increase in attacks.  Because of this, cyber criminals have deemed that healthcare facilities are often willing to “pay more,” Eric O’Neill, former counterterrorism and counterintelligence operative for the FBI, previously told Healthcare Facilities Today

“They are perceived as generally paying because patient care suffers when systems go down,” says O’Neill. “Cyber attackers also know that the healthcare industry maintains very critical data that can cause massive reputation-related harm and severe downstream damage in identity theft. Because of this, they're perceived as being more likely to pay to get their data back or for the cybercriminal to destroy the data and not publish it on the dark web.” 

Additionally, the U.S. government has extended the national emergency for cyberattacks from foreign sources for another year beyond April 1, 2025, according to the Federal Register. The declaration originally came on April 1, 2015, due to the growing threat of such attacks. Since then, several executive orders have been issued to address the problem due to cyber threats posing a risk to national security, foreign policy and the economy. 

Jeff Wardon, Jr., is the assistant editor for the facilities market. 



April 3, 2025


Topic Area: Information Technology , Security


Recent Posts

Oracle Health Hit by Data Breach, Patient Data Possibly Compromised

The incident is the latest in a growing list of third-party vendors suffering from cyberattacks.


Ground Broken on New MD Anderson Sugar Land Facility

Anticipated to open in 2029, the five-story location will be MD Anderson’s largest Houston-area location to date.


Florida State University Reveals Plans for Panama City Beach Hospital

The targeted opening date is in 2028.


The Effect of Over-Cleaning on Human Health

Environmental services managers should be concerned and informed about the oral and dermal toxicity of all chemicals used in their facilities.


Rumored Terror Threat to Hospitals Prompts FBI Warning

Despite no threat, healthcare facilities are urged to review emergency preparedness protocols.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.