Reports have emerged over the weekend suggesting that Oracle has fallen victim to two separate data breaches in recent months. One breach reportedly affected Oracle Health customers, while the other was said to target Oracle Cloud login servers.
Oracle has remained tight-lipped about the Oracle Health breach, which is currently under FBI investigation, and has not responded to inquiries from Healthcare IT News. Additionally, the company has denied the alleged Oracle Cloud breach, which is believed to have impacted up to 6 million records.
Oracle Health
According to a report from Bleeping Computer on March 28, some healthcare clients, including hospitals, received a letter from Seema Verma, executive vice president and general manager of Oracle Health, notifying them of a breach involving legacy Cerner data migration servers. This incident occurred around February 20, 2025, and involved unauthorized access to data stored on an old legacy server that had not yet been migrated to the Oracle Cloud.
The letter, reportedly written on plain paper rather than official Oracle letterhead, indicated that electronic health records information may have been compromised in the breach. Customers affected by this breach have been advised to assess whether the stolen data constitutes a HIPAA violation, with Oracle offering assistance in notifying patients if necessary. Affected customers have also been instructed to contact Oracle Health’s security team by phone rather than email.
Oracle Cloud
Meanwhile, another report suggests that millions of records may have been compromised in an alleged breach of Oracle Cloud federated SSO login servers. An online account claims to have accessed authentication data and encrypted passwords of up to 6 million users. The perpetrator alleges to have stolen SSO and LDAP passwords from over 140,000 domains across various companies and government agencies, claiming that the passwords could be decrypted using information from the files.
Oracle has refuted these claims, asserting that there has been no breach of Oracle Cloud and that the published credentials do not pertain to their cloud services. Despite Oracle’s denial, some security researchers maintain that the evidence suggests otherwise.
Healthcare IT News has reached out to Oracle for comment on both reported breaches and will update readers accordingly.
This article was written by Mike Miliard, the executive editor of Healthcare IT News. For inquiries, you can reach out to him at mike.miliard@himssmedia.com. Healthcare IT News is a HIMSS publication.
