Oracle Under Fire to handle separate security incidents

The Oracle technological giant faces criticism of how it handles two seemingly separate data violations.

At least one of the incidents seems to still unfold, despite the fact that Oracle denies no violation. The other is associated with a violation of patient data in the context of its subsidiary health care of Oracle Health.

Oracle did not respond to TechCrunch’s request for comments on the two incidents.

Oracle’s health infringement affects patient data, by reports

The breach has recently revealed it includes Oracle Health, which provides hospitals and other healthcare providers with technology for access to internet health files. Oracle Health is a unit combined with Cerner, an online Health Records company that Oracle acquired 2022 for $ 28 billion.

Parachute and Computer with sinking It was reported last week that the violation affects patients’ data, although it is not clear what the data has been stolen, nor what organizations and companies using Oracle Health are affected.

Oracle informed some of its clients of health care in March of a breach that occurred at one time earlier this year, where hackers access to Oracle servers and stole patient data, according to publications.

“We are writing to inform you that, on February 20, 2025, we met a cyberspace that includes unauthorized access to certain amounts of Cerner data that was on an old inheritance server that does not emigrate to Oracle cloud”

Referring to multiple sources, the news website said a hacker is trying to launch hospitals affected, according to reports, demanding millions of dollars.

An Oracle employee who asked to remain anonymous as they had not been authorized to speak to the press, told TechCrunch that the company was not very transparent even with its own employees.

“My team has not been able to access customers’ environments for several days. My concern is not only with patient data breach. Some customers host other applications such as HR and Finance. I don’t know if it was a hacker[-]But access. ”

The employee said he had to examine the Reddit and Internal Slack channels “to understand that something was examined”.

The employee said they “felt super ignored”, describing the situation as: “Nothing to see here, go right”.

However, the employee also said they saw in Slack that some teams received a language to communicate with customers on March 4: “We will investigate the issue you are facing.”

Oracle refuses to violate the cloud, despite the increasing evidence

The other separate violation includes Oracle Cloud servers. And in this case, too, Oracle is not very transparent about what happened.

Earlier this month, a hacker that goes from the Rose87168 electronic handle was published in a cybercrime forum offering Oracle Cloud’s 6 million customers, including authentication data and encrypted passwords as a Bleping Computer Computer referenced At that time.

To prove that they violated Oracle, Rose87168 was uploaded A text file containing the online handle of hosted on an Oracle Cloud server.

From, Confirmed several Oracle customers These data samples shared by hacker appears genuine, showing further infringement in Oracle.

Paradoxically, Oracle denied that there was no violation.

“There was no violation of Oracle Cloud. Published credentials are not for Oracle Cloud.

But not everyone is convinced.

“This is a serious cyberspace that affects customers, on a platform managed by Oracle”, wrote in a blog post Analysis of the suspected violation of Oracle Cloud. “Oracle is trying to declare statements about Oracle Cloud and use very specific words to avoid responsibility. This is not okay.”

“Oracle must convey clearly, openly and publicly, communicate with what happened, how it affects customers and what they do for it. This is a matter of trust and responsibility.

Commenting on one of Oracle’s alleged violations, cyberspace Lisa Forte wrote to Bluesky This “if that ends up being true, and I’m struggling to see what it won’t be, that’s a very bad look.”