Oracle has informed its healthcare clients of a January 22 breach in which hackers gained access to its servers and copied patient data, Bloomberg reports. The hackers then attempted to extort money from several US healthcare providers by threatening to publish the stolen information publicly, according to a source.
Image Source: Oracle
Oracle provides patient record management software to hospitals and other healthcare institutions.
The FBI is investigating the incident. It is not yet known how much data the hackers managed to copy or how many providers they tried to extort money from. Oracle said it learned of the breach around February 20. The company told customers that the hackers had gained access to old Cerner servers that held data that had not yet been migrated to Oracle’s cloud storage service.
«“The available evidence suggests that the attacker illegally gained access to the environment using stolen customer credentials,” the company said in a notice.
The alert to clients also said the stolen data may have included information about patients from electronic medical records. The stolen data included recent visits patients had made to doctors, according to a source told Bloomberg.
«Oracle will support your organization in verifying information about patients whose data has been stolen,” the company told clients.
It should be noted that just a few days ago, Oracle categorically denied the hack, despite the fact that the hacker published evidence on the darknet that he managed to get hold of data stored on Oracle Cloud servers.