Tech giant Oracle is under intense scrutiny following two separate security incidents that have compromised sensitive data. While the company maintains a stance of denial regarding one event, reports indicate that a separate breach within its healthcare division has led to the theft of patient records, fueling concerns over corporate transparency and customer safety.
Oracle Health Breach Impacts Patient Privacy
The most recent security failure involves Oracle Health, a subsidiary formed after the $28 billion acquisition of electronic health records firm Cerner. According to reports from Bloomberg and Bleeping Computer, hackers successfully accessed Oracle servers earlier this year, exfiltrating patient data.
In a notification sent to affected healthcare providers, Oracle acknowledged that on or around February 20, 2025, unauthorized parties gained access to Cerner data stored on a legacy server that had not yet transitioned to the Oracle Cloud. While the full extent of the stolen information remains unconfirmed, sources suggest that hackers are now attempting to extort hospitals for millions of dollars.
Internal friction is also mounting. An anonymous Oracle employee revealed that the company provided little guidance to its own staff, forcing employees to monitor social media channels like Reddit to understand the scope of the incident. “My concern is not just with the patient data breach. Access through hosts allows any and all access to what is hosted,” the employee stated, noting that some environments house sensitive HR and financial applications.
Contradictions in Oracle Cloud Security
Simultaneously, Oracle is facing allegations of a separate breach involving its core Cloud infrastructure. A hacker operating under the handle “rose87168” claimed to possess data from 6 million Oracle Cloud customers, including encrypted passwords and authentication details.
Despite the hacker providing verifiable proof by hosting a file on an Oracle Cloud server—and subsequent confirmation from several customers that the data samples are genuine—Oracle has issued a flat denial. The company stated: “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud.”
Industry experts are pushing back against this narrative. Cybersecurity researcher Kevin Beaumont criticized the company for using “wordsmithing” to evade responsibility. “Oracle needs to clearly, openly and publicly communicate what happened,” Beaumont noted, emphasizing that the company’s current posture is a significant breach of trust.
The situation has drawn broader criticism from the security community, with expert Lisa Forte stating on Bluesky that if the allegations are proven true, the lack of transparency represents a “very, very bad look” for the tech giant.