Oracle Health Data Breach Raises Questions on Cybersecurity Preparedness

In the past week, Oracle reported two data security breaches that are still unfolding, involving Oracle Cloud Servers and Oracle Health, formerly known as Cerner Corp, the electronic health records (EHR) business acquired for $28 billion. In early 2025, Oracle Health experienced a significant data breach that exposed sensitive patient information from multiple U.S. hospitals and healthcare providers. The breach was identified around February 20, 2025, when Oracle detected unauthorized access to legacy Cerner data migration servers. Hackers exploited compromised customer credentials, gaining access to these servers as early as January 22, 2025, and exfiltrating patient data.
According to a Bleeping Computer report, Oracle sent a notification to Oracle Health customers stating, “We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud”.
While the exact number of affected records and impacted healthcare organizations has not been disclosed, the incident has raised significant concerns about healthcare data security. The breach has also prompted an ongoing investigation by the Federal Bureau of Investigation (FBI) into potential extortion attempts related to the compromised data.
Impact on Healthcare Data Security
According to the IBM data breach report, the average cost of a data breach in the healthcare industry in 2024 was $9.8 million. Healthcare remains the most expensive industry when responding to and recovering from a data breach.
This breach underscores the vulnerabilities associated with legacy systems in the healthcare industry. It highlights the critical need for robust cybersecurity measures, including timely migration to secure cloud infrastructures, implementation of strong access controls, and regular security assessments. Healthcare organizations must remain vigilant and proactive to protect sensitive patient information from evolving cyber threats.
Why this Data Breach Matters
As we’ve seen from this breach, the healthcare industry will continue to be a primary target for cybercriminals due to its vast amount of personal, sensitive, and medical data.
The breach holds lessons about cybersecurity preparedness and the future of patient data protection. It exposed several critical security challenges in healthcare, including:
- Legacy System Vulnerabilities – Outdated infrastructure, legacy systems, and delayed cloud migrations can leave organizations vulnerable and sensitive data exposed.
- Weak Access Controls – Weak or broken access controls create critical security vulnerabilities that allow unauthorized users to access, modify, or delete data. The use of compromised credentials suggests insufficient authentication and monitoring mechanisms; access controls should be regularly reviewed and updated to ensure users have only the necessary permissions.
- Regulatory Compliance Risks – Healthcare organizations must comply with stringent regulations such as HIPAA, GDPR, and state-specific data protection laws. A breach of this scale could result in regulatory fines and reputational damage.
- Data Misuse & Ransomware Risks – Threat actors can sell exfiltrated patient data on the dark web or use it in ransomware attacks, putting individuals and organizations at risk.

Implications for Oracle Cloud
Recent reports from Bleeping Computer and other cybersecurity publications have highlighted claims from an online account alleging a breach of Oracle Cloud’s federated SSO login servers. While Oracle has denied any such breach, which would potentially impact 6 million users, available evidence contradicts this stance.
A user identified as rose87168 alleged that she obtained SSO authentication data and encrypted LDAP passwords, which she claims could be decrypted using information from the stolen files. CloudSEK researchers analyzed the data provided by rose87168 and assessed the incident with medium confidence, rating it as highly severe and potentially affecting over 140,000 Oracle Cloud customers.
Oracle Cloud, however, maintains that there was no breach of its systems and asserts that none of the published credentials pertain to Oracle Cloud accounts. Despite these claims, Oracle has not yet provided an official explanation regarding the alleged incident.
How BigID Can Improve Healthcare Data Security Posture
The Oracle Health data breach is a critical reminder of the growing cybersecurity threats facing healthcare providers. BigID Next empowers healthcare organizations with an AI-powered approach to data security and compliance needed to secure patient data, prevent breaches, and maintain compliance with regulatory standards.
BigID Next is the first and only modular data platform to address the entirety of data risk—across security, regulatory compliance, and AI. BigID combines the capabilities of DSPM, DLP, data access governance, AI model governance, privacy, data retention, and more—all within a single, cloud-native platform. By leveraging BigID Next, healthcare providers can proactively mitigate risks, safeguard their systems, and ensure the privacy of their patients.