1. Forum
  2. FidoNet Int
  3. consprcy

  • Oracle Health suffers maj

    From Mike Powell@1:2320/105 to All on Tue Apr 1 08:21:00 2025
    Oracle Health suffers major breach, hospital data potentially exposed

    Date:
    Mon, 31 Mar 2025 15:33:00 +0000

    Description:
    Oracle Health has denied any hack.

    FULL STORY

    Oracle Health has denied having had sensitive patient data stolen by threat actors in two separate data breaches, leaving millions of customers
    potentially at risk.

    The company had previously denied any breach after a hacker claimed to hold
    six million records belonging to the company but now a second incident
    appears to have led to a separate breach.

    The company hasnt yet commented on the compromises, but BleepingComputer has now reportedly seen private communications sent to impacted customers which confirm patient data was stolen.

    Sensitive stolen data

    The attack used compromised customer credentials to breach servers, and the legacy Cerner data migration servers sometime after January 22 2025, and the firm was made aware of the breach on February 20, 2025.

    Reports confirmed patient information was included in the information stolen
    in the attack, and that the company will help identify the affected users.
    Its not clear if this was the result of a ransomware attack, or if this was just data exfiltration, and it's also as yet unknown how the customer credentials were obtained.

    The attacker, going by the name Andrew, has not claimed affiliation with any ransomware or hacking groups, and is demanding millions of dollars in cryptocurrency to stop the sale or leak of the exfiltrated information.

    Healthcare organizations are increasingly at risk from cyberattackers, especially given the sensitive nature of the data they collect, and the often limited budgets for cybersecurity.

    In fact, a 2024 breach of insurance firm United Healthcare impacted almost
    200 million patients .

    Since a data breach containing personally identifiable information such as
    this would put those exposed at serious risk of identity theft or fraud,
    Oracle Health has apparently offered to pay for credit monitoring services
    for those impacted.

    " As cybersecurity leaders, were responsible for strong cyber hygiene: continuously monitoring our environments for unusual activity, leveraging
    cyber threat intelligence to stay ahead of emerging risks, and empowering employees to be our human firewall," commented Pierre Noel, Field CISO EMEA
    at Expel.

    "No system is completely impenetrable, but understanding our risk landscape
    and layering defenses can make it much harder for attackers to succeed. Cyber resilience starts with us."

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/oracle-health-suffers-major-breach-hosp ital-data-potentially-exposed

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)