Tech giant Oracle is under fire for its response to two separate data breaches, one of which remains ongoing despite the company’s denial of any security compromise.
The second breach involves a cybersecurity incident affecting patient data under its healthcare subsidiary, Oracle Health.
The latest reported breach involves Oracle Health, a division formed after Oracle’s $28 billion acquisition of electronic health records company Cerner in 2022. According to reports from Bloomberg and Bleeping Computer, patient data was compromised, though details regarding the type of data stolen and the affected organizations remain unclear.
In March, Oracle notified some healthcare customers of a breach that took place earlier this year, in which hackers infiltrated Oracle servers and stole sensitive data. A notification sent to customers, cited by Bleeping Computer, stated that Oracle became aware of unauthorized access on February 20, 2025, involving an old legacy server not yet migrated to Oracle Cloud.
Adding to the concerns, sources indicate that a hacker is attempting to extort hospitals affected by the breach, allegedly demanding millions of dollars. An anonymous Oracle employee told TechCrunch that the company has not been transparent, even internally. “My team was unable to access customers’ environments for days,” the employee stated, expressing concerns that the breach may have compromised applications beyond patient data, including HR and financial records.
A separate incident involves Oracle Cloud servers, with Oracle denying any breach despite mounting evidence. Earlier this month, a hacker known as “rose87168” claimed to have accessed data from six million Oracle Cloud customers, including authentication details and encrypted passwords. The hacker posted proof on a cybercrime forum, uploading a text file with their online handle to an Oracle Cloud server.
Several Oracle customers have since verified that data samples shared by the hacker appear legitimate. However, Oracle issued a statement denying the breach, asserting that “no Oracle Cloud customers experienced a breach or lost any data.”
Cybersecurity experts are skeptical of Oracle’s response. Security researcher Kevin Beaumont criticized the company, stating that Oracle is attempting to “wordsmith statements” to avoid responsibility. He urged the tech giant to publicly disclose the extent of the breach and its impact on customers, warning that failure to do so could damage trust in the company’s cloud services.
Cybersecurity expert Lisa Forte echoed similar concerns, stating, “If this breach is confirmed, it will be a major reputational blow for Oracle.” As scrutiny intensifies, Oracle faces increasing pressure to provide clarity on the incidents and strengthen its cybersecurity measures.
