Tech giant Oracle is facing criticism of how to deal with two seemingly independent data breaches.
Despite reports, at least one of the events appears to be developing. Another involves violating patient data from tech giant healthcare subsidiary Oracle Health.
Oracle did not respond to TechCrunch’s request for comments about both events.
According to reports, Oracle Health violations affect patient data
Recent disclosures of violations involve Oracle Health, which provides hospitals and other healthcare providers with technology to access health records online. Oracle Health is a unit that merges with Cerner, an electronic health records company that Oracle acquired in 2022 for $28 billion.
Bloomberg and Angry computer Last week, it was reported that the violations would affect patient data, although it is not clear which data were stolen and will not affect which organizations and companies using Oracle Health were affected.
According to the publication, Oracle notified some of its healthcare clients in March of a breach that occurred earlier this year in which hackers visited Oracle servers and stole patient data.
Contact Us
Do you have more information about these two Oracle vulnerabilities? With non-working devices and networks, you can contact Lorenzo Franceschi-bicchierai in a signal of +1 917 257 1382 or via Telegram and Keybase @lorenzofb or e-mail. You can also Security.
“We are here to inform you that around February 20, 2025, we realized that the cybersecurity incident involved unauthorized access to some Cerner data on the old legacy server that has not been migrated to Oracle Cloud,” according to the Bleeping computer. ”
The news website cited multiple sources, citing sources that hackers are trying to blackmail affected hospitals, reportedly demanding millions of dollars.
Oracle employees asked to remain anonymous because they were not authorized to talk to the media, and he told TechCrunch that the company was not very transparent even with its own employees.
“My team has no access to the client’s environment for a few days. My concern is not just a patient data breach. Obviously, there is access to anything and everything that is accessed to hosting,” the employee said. “Some customers host other applications like HR and Finance. I don’t know if it’s a hacker or not.[-]Although visited. ”
The employee said they had to watch Reddit and the internal slack channel “even to figure out something.”
The employee said they “feel super neglected” and described the situation as: “I can’t see here, keep moving forward.”
However, employees also said they saw some teams on Slack being given the language to communicate with customers on March 4: “We will investigate the issues you are experiencing.”
Oracle denies cloud loopholes, despite growing evidence
Another separate vulnerability involves Oracle Cloud Server. In this case, Oracle is not transparent about what happened.
Earlier this month, hackers of Rose87168, which was posted on the cybercrime forum, provided data from 6 million Oracle Cloud customers, including authentication data and encrypted passwords Report then.
To prove that they violated Oracle, uploaded Rose87168 Text file containing its online handle This is hosted on Oracle Cloud Server.
since, Several Oracle customers have confirmed The data samples shared by the hackers appear to be true, pointing to further evidence of Oracle’s violations.
Strangely, Oracle denied that there was a violation at all.
Oracle told the publication: “There is no violation of Oracle Cloud. The published credentials are not suitable for Oracle Cloud. No Oracle Cloud customers have experienced violations or lost any data.”
But not everyone believes it.
“This is a serious cybersecurity incident that affects customers in a platform managed by Oracle,” said cybersecurity expert Kevin Beaumont, Written in a blog post Analyze the so-called Oracle Cloud vulnerability. “Oracle tries to use text Smith statements around Oracle Cloud and use very specific words to avoid responsibility. This is bad.”
“Oracle needs to communicate clearly, openly and openly what is happening, how it affects the client and how they work for it. It’s a matter of trust and responsibility. Strengthen, Oracle-or customers should start stepping up.”
Cybersecurity expert Lisa Forte comments on one of the so-called Oracle vulnerabilities Written on the Blues It’s “If this ended up being real, it’s hard for me to see that it won’t be real, it’s a very, very bad look.”
