(Bloomberg) – According to people familiar with the matter, hackers broke into Oracle Corp.’s computer system and stole patient data in an attempt to blackmail multiple medical providers in the United States and informed people and software companies that sent them to customers.
According to the notice, Oracle reminded some healthcare customers some time after January 22 that hackers visited company servers and copied patient data to external locations. Oracle sells software for patient record management to hospitals, doctor groups and other medical companies.
The FBI is investigating the breach and the attempts of cyberattacks to force health care companies to pay their ransoms because they don’t want to be named because they are not authorized to discuss the ongoing investigation.
It is not clear how many patient records were taken. The total number of healthcare providers hackers are trying to extort is also unsure.
Oracle, based in Austin, Texas, did not immediately respond to a request for comment. A FBI spokesman declined to comment.
In 2022, Oracle acquired Cerner Corp., an electronic health records business for $28 billion and touted the goal of modernizing old software companies, including transferring customers to the cloud. Clients include large hospital chains, small clinics and government-run facilities. The purchase reached a $16 billion flagship contract with the U.S. Department of Veterans Affairs, which has conducted highly publicized interruptions and scrutiny by lawmakers.
Oracle told customers that the hacker visited an older Cerner server to get data from cloud storage services that have not been transferred to Oracle. “The available evidence shows that participants are threatening to illegally access the environment by using stolen customer credentials,” the company said in the notice. Oracle said it was aware of the violation around February 20.
The notice to the client states that the stolen data may include patient information in the electronic intermediate record. Those familiar with the violation said the materials used included recent patient records.
“Oracle will support your organization to review information about affected patients,” the company told customers.
The publication reported some details of the cyber attack earlier.
– Assistance with Julie Zhu.
More stories like this are available Bloomberg.com
