A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.
Oracle Health has not yet publicly disclosed the incident, but in private communications sent to impacted customers and from conversations with those involved, BleepingComputer confirmed that patient data was stolen in the attack.
Oracle Health, formerly known as Cerner, is a healthcare software-as-a-service (SaaS) company offering Electronic Health Records (EHR) and business operations systems to hospitals and healthcare organizations. After being acquired by Oracle in 2022, Cerner was merged into Oracle Health, with its systems migrated to Oracle Cloud.
This of course affected legacy servers that have not been moved to the Oracle cloud.
The actor used compromised credentials to gain access to the server, says the article.
During the attack, the article claims that patient data was stolen and this means that this company will need to do what is right.
Unfortunate;ly, they’re putting the notifications on hospitals, and to make things worse, they are having hospitals talk to the CISO by phone which make it difficult for documentation purposes.
Oracle Health will pay for services but the documents they have received are not on their letterhead and they are not saying much more.
This is bad. Really bad.
Oracle Health breach compromises patient data at US hospitals is the article.
Haaaaaaaave fun with this one!
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.