Summary: A breach at Oracle Health has compromised patient data from multiple US healthcare organizations after a threat actor accessed legacy servers. Oracle Health, formerly Cerner, confirmed the incident but has faced criticism for its lack of transparency and communication. Healthcare organizations are advised to determine their own notification responsibilities regarding potential HIPAA violations due to the breach.
Affected: Oracle Health, US healthcare organizations and hospitals
Keypoints :
- Oracle Health became aware of the breach on February 20, 2025, involving stolen data from legacy data migration servers.
- The attack utilized compromised customer credentials, potentially leading to the theft of patient information.
- Oracle will not notify patients directly and has frustrated customers with its communication methods and lack of clear documentation.