# Oracle Cloud Security Incidents: Understanding the Recent Breaches and Their Impact

Published: April 27, 2025
Oracle faces mounting pressure as multiple cloud security incidents lead to government warnings, potential exposure of healthcare data, and class action lawsuits.

April 2025 has seen multiple security incidents involving Oracle's cloud services, raising serious concerns across industries. These breaches have prompted responses from government agencies and led to legal actions against the tech giant.

Oracle has experienced what appears to be two separate security incidents in recent months. In one case, Oracle publicly acknowledged a security incident involving two obsolete servers unrelated to Oracle Cloud Infrastructure (OCI). The company stated in an April 7, 2025, customer notice that no customer data or environments were compromised in its main cloud platform, though a hacker did access usernames from these legacy servers.

However, Bloomberg reportedly cited sources suggesting that the compromise affected credential data including usernames, passkeys, and encrypted passwords. Contradicting Oracle's official position, a person familiar with the incident claimed that Oracle log-in credentials from as recently as last year were among those affected. The attack allegedly included a demand for an extortion payment.

In a separate and potentially more serious incident, Oracle Health (formerly Cerner), a major provider of electronic health record (EHR) systems, experienced a breach involving legacy servers not yet migrated to Oracle Cloud. According to reports, a hacker used stolen credentials to access these servers in January 2025, prompting an FBI investigation. Oracle Health detected the security breach on February 20, 2025, with forensic investigation confirming that the breach occurred on or after January 22, 2025.

The hacker is allegedly extorting Oracle Health customers, demanding cryptocurrency payments in exchange for not publishing stolen data, which likely includes protected health information. While Oracle Health has not made a public announcement about the cyberattack, it has begun notifying affected healthcare providers that their data has been compromised.

In response to these incidents, the Cybersecurity and Infrastructure Security Agency (CISA) released guidance on April 16, 2025, regarding credential risks associated with the potential unauthorized access to a legacy Oracle cloud environment. This official government response underscores the seriousness of the situation.

Oracle's April 2025 Critical Patch Update includes 378 new security patches across multiple product families, though it's unclear if these are directly related to the recent breach incidents.

The fallout from these security incidents continues to develop, with class action lawsuits being filed and healthcare providers now facing the challenge of determining whether HIPAA breaches have occurred and notifying affected individuals.