A breach at Oracle Health, previously known as Cerner, resulted in the theft of patient data from legacy servers using compromised customer credentials. The incident, disclosed privately on February 20, 2025, affected multiple U.S. healthcare organizations. It remains unclear if ransomware was involved in the incident that led to the breach.

Oracle's handling of the breach has frustrated customers due to limited transparency and a lack of formal documentation. Meanwhile, this incident follows reports of an alleged breach of Oracle Cloud's federated SSO login servers, which Oracle has denied. Read more about this story on our LinkedIn page