The FBI is investigating a cyberattack on Oracle’s computer systems in which hackers stole patient data to extort multiple U.S. healthcare providers, Bloomberg reported March 28.
Oracle notified some healthcare customers earlier this month that the breach occurred sometime after Jan. 22. According to a notice sent to clients and obtained by Bloomberg, hackers accessed company servers and copied patient data to an external location.
A person familiar with the matter, who spoke on condition of anonymity, told the publication that cybercriminals attempted to demand ransom from affected medical providers. The total number of targeted providers and stolen patient records remains unknown.
Oracle did not respond to Bloomberg’s request for comment. An FBI spokesperson also declined to comment.
The breach affected older servers from EHR company Cerner, now known as Oracle Health, which Oracle acquired for $28 billion in 2022. The compromised servers had not yet been migrated to Oracle’s cloud, according to the company’s notice. Oracle said the attackers used stolen customer credentials to gain access and that the company became aware of the incident around Feb. 20.
The company warned customers that stolen data may include patient information from electronic medical records. A person familiar with the incident said the compromised information contained recent patient records.
Becker’s reached out to Oracle Health and will update the story if more information is learned.
