Skip to main content

Oracle Health Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The data breach lawyers at The Lyon Firm are investigating two reported data security incidents, one at Oracle Health and another involving Oracle Cloud. It is currently unclear how many individuals and the specific data potentially compromised in the alleged cyberattacks. Contact our attorneys if you have been notified by Oracle that your personal information may have been accessed or acquired.

What Happened at Oracle Health?

The company is reporting that the data compromised by Oracle Health is related to the electronic health record (EHR) company Cerner. Oracle Health, a provider of health IT to hospitals, says it became aware of a breach of legacy Cerner data migration servers on February 20, 2025.

The notification sent to impacted Oracle Health customers allegedly reads, “We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud.”

Oracle Health has not made a public announcement about the cyberattack and data breach at the time of writing, but the company has begun notifying impacted healthcare providers if their stored data has been compromised. More details on the breach should emerge in the coming weeks, but it is important for individuals to remain vigilant following any data breach incident and to understand the risks of fraud and medical identity theft.

A forensic investigation apparently confirmed that the cyberattack occurred on or after January 22, 2025 and an unknown threat actor may have accessed a server using stolen credentials and exfiltrated data. At the moment, we are not certain what types of data are involved, although data contained in electronic health records can be quite sensitive and wide-reaching. The company has already said it is the responsibility of each affected healthcare provider to investigate their own breach and to issue notification letters to affected individuals. It has been rumored that ransomware was used as data was exfiltrated and is being used in extortion attempts against the affected providers.

In what appears to be a separate incident, a cyberattack hit an Oracle Cloud server and exfiltrated approximately six million records. Some authorities at companies have seen samples of the stolen data and note that it contains genuine information associated with their accounts. It is feared that tens of thousands of customers who use Oracle Cloud services could be impacted. Oracle has yet to make a public statement regarding this breach either.

Oracle Corporation is a multinational computer technology company specializing in database software, cloud-engineered systems, and enterprise software products. Oracle Health, formerly known as Cerner, provides electronic health record (EHR) technology to hospitals. Oracle acquired Cerner in 2022 and renamed the company Oracle Health.

If you receive a data breach notification from Oracle Corporation or a third party, it is critical to understand the increased risks of data security breaches. Contact an experienced data breach lawyer to discuss how to protect yourself and to consider legal action. We have filed numerous class action data breach lawsuits on behalf of clients in all fifty states. We seek compensation and corporate accountability.