Oracle Faces Backlash Over Management of Multiple Security Incidents

Oracle, a leading tech giant, is currently under fire for its handling of two significant data breaches that have raised alarms in the cybersecurity community. While one incident is still unfolding, the other specifically involves a breach of patient data through Oracle Health, the company’s healthcare subsidiary.

Oracle Health Data Breach: What You Need to Know

The most recent data breach involves Oracle Health, which supplies technology solutions for hospitals and healthcare providers to manage health records online. This unit was formed after Oracle’s acquisition of Cerner, a major electronic health records firm, in 2022 for a staggering $28 billion.

Details of the Oracle Health Breach

According to reports from Bloomberg and Bleeping Computer, this breach affects sensitive patient data. However, the specifics regarding the types of data compromised and the healthcare organizations involved remain unclear.

• Oracle had informed certain healthcare customers about the breach that occurred earlier this year.
• The notification indicated unauthorized access to Cerner data on an outdated server not yet migrated to the Oracle Cloud.
• Reports suggest that hackers are attempting to extort affected hospitals for millions of dollars.

In a notification to its clients, Oracle stated, “We became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data.” This communication has raised concerns about the company’s transparency, even among its employees.

Employee Concerns and Transparency Issues

An anonymous Oracle employee shared their frustration, stating that their team was unable to access customer environments for days. They expressed concern not only for patient data but also for other applications hosted on Oracle servers, including HR and finance systems. “I felt super ignored,” the employee remarked, highlighting a lack of communication from the company’s leadership.

Oracle Cloud Breach: Denial Amid Evidence

The second incident involves alleged breaches of Oracle Cloud servers. Despite mounting evidence, Oracle has denied that any breach occurred. Earlier this month, a hacker, identified as rose87168, claimed to have compromised data from 6 million Oracle Cloud customers, sharing samples that appeared to be authentic.

• The hacker provided proof of the breach by uploading a text file from an Oracle Cloud server.
• Oracle continues to assert that “there has been no breach of Oracle Cloud” and insists that no customer data has been lost.

Cybersecurity expert Kevin Beaumont criticized Oracle’s response, suggesting that the company is using ambiguous language to deflect responsibility. He stated, “This is a serious cybersecurity incident which impacts customers.” Beaumont emphasized the necessity for Oracle to provide clear and transparent communication regarding the breach and its implications.

Expert Opinions on Oracle’s Response

Another cybersecurity professional, Lisa Forte, echoed similar sentiments, noting on Bluesky that the situation does not reflect well on Oracle if the claims of a breach are substantiated. “This is a very, very bad look,” she stated.

As the situation develops, it is crucial for Oracle to address these breaches transparently to maintain customer trust. For more information on cybersecurity best practices, visit Cybersecurity.gov.

For any tips or further information regarding these Oracle breaches, feel free to reach out securely via Signal, Telegram, or email as provided in the original article.