TZUTC: -0500   
   MSGID: 815.consprcy@1:2320/105 2c512635   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Oracle Health suffers major breach, hospital data potentially exposed   
      
   Date:   
   Mon, 31 Mar 2025 15:33:00 +0000   
      
   Description:   
   Oracle Health has denied any hack.   
      
   FULL STORY   
      
   Oracle Health has denied having had sensitive patient data stolen by threat   
   actors in two separate data breaches, leaving millions of customers   
   potentially at risk.    
      
   The company had previously denied any breach after a hacker claimed to hold   
   six million records belonging to the company but now a second incident    
   appears to have led to a separate breach.    
      
   The company hasnt yet commented on the compromises, but BleepingComputer has   
   now reportedly seen private communications sent to impacted customers which   
   confirm patient data was stolen.   
      
   Sensitive stolen data    
      
   The attack used compromised customer credentials to breach servers, and the   
   legacy Cerner data migration servers sometime after January 22 2025, and the   
   firm was made aware of the breach on February 20, 2025.    
      
   Reports confirmed patient information was included in the information stolen   
   in the attack, and that the company will help identify the affected users.    
   Its not clear if this was the result of a ransomware attack, or if this was   
   just data exfiltration, and it's also as yet unknown how the customer   
   credentials were obtained.    
      
   The attacker, going by the name Andrew, has not claimed affiliation with any   
   ransomware or hacking groups, and is demanding millions of dollars in   
   cryptocurrency to stop the sale or leak of the exfiltrated information.    
      
   Healthcare organizations are increasingly at risk from cyberattackers,   
   especially given the sensitive nature of the data they collect, and the often   
   limited budgets for cybersecurity.    
      
   In fact, a 2024 breach of insurance firm United Healthcare impacted almost    
   200 million patients .    
      
   Since a data breach containing personally identifiable information such as   
   this would put those exposed at serious risk of identity theft or fraud,   
   Oracle Health has apparently offered to pay for credit monitoring services    
   for those impacted.    
      
    " As cybersecurity leaders, were responsible for strong cyber hygiene:   
   continuously monitoring our environments for unusual activity, leveraging   
   cyber threat intelligence to stay ahead of emerging risks, and empowering   
   employees to be our human firewall," commented Pierre Noel, Field CISO EMEA    
   at Expel.    
      
   "No system is completely impenetrable, but understanding our risk landscape   
   and layering defenses can make it much harder for attackers to succeed. Cyber   
   resilience starts with us."   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/oracle-health-suffers-major-breach-hosp   
   ital-data-potentially-exposed   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426