Technology giant Oracle is under fire for its handling of two separate data breaches that have come to light recently.

One of the incidents is still unfolding, despite Oracle’s denial of any breach. The other incident involves a breach of patient data at Oracle Health, the company’s healthcare subsidiary.

Oracle has not responded to requests for comment from TechCrunch regarding the two incidents.

Oracle Health Breach Compromises Patient Data, According to Reports

The recently disclosed breach affects Oracle Health, which provides technology to hospitals and healthcare providers for accessing health records online. Oracle Health was formed by combining Cerner, an electronic health records company that Oracle acquired in 2022 for $28 billion.

According to Bloomberg and Bleeping Computer, the breach has compromised patient data, although the exact nature and scope of the data stolen are unclear. It is also unclear which organizations and companies that use Oracle Health are affected.

In March, Oracle notified some of its healthcare customers about a breach that occurred earlier in the year, in which hackers gained access to Oracle servers and stole patient data, according to the publications.

A notification sent to some Oracle Health customers stated: “We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud,” as reported by Bleeping Computer.

Citing multiple sources, Bleeping Computer also reported that a hacker is attempting to extort affected hospitals, demanding millions of dollars.

An Oracle employee, who wished to remain anonymous, told TechCrunch that the company has not been transparent with its own employees about the breach. The employee expressed concerns that the breach may have compromised more than just patient data, given the level of access gained by the hackers.

The employee stated: “My team was not able to access customers’ environments for a number of days. My concern is not just with the patient data breach. Access through hosts allows any and all access to what is hosted, obviously. Some customers host other applications like HR and finance. I don’t know if it was hacker-accessed though.”

The employee felt that they had to rely on Reddit and internal Slack channels to gather information about the breach, saying: “I had to look at Reddit and internal Slack channels to even figure out something was being looked at.”

The employee expressed feelings of being ignored, describing the situation as: “Nothing to see here, move right along.” However, they did mention that some teams were given language to communicate with clients on March 4, stating: “We will investigate the issue you are experiencing.”

Oracle Denies Cloud Breach Amidst Growing Evidence

The other separate breach involves Oracle Cloud servers, and Oracle is facing criticism for its lack of transparency in this case as well.

Earlier this month, a hacker using the handle rose87168 posted on a cybercrime forum, offering the data of 6 million Oracle Cloud customers, including authentication data and encrypted passwords, as reported by Bleeping Computer.

To prove the breach, rose87168 uploaded a text file containing their handle to an Oracle Cloud server, which was later archived.

Several Oracle customers have since confirmed that the data samples shared by the hacker appear to be genuine, suggesting a breach did occur at Oracle.

However, Oracle has denied any breach, stating: “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”

Cybersecurity expert Kevin Beaumont criticized Oracle’s response, saying: “This is a serious cybersecurity incident which impacts customers, in a platform managed by Oracle. Oracle are attempting to wordsmith statements around Oracle Cloud and use very specific words to avoid responsibility. This is not okay.”

Beaumont emphasized the need for Oracle to be transparent about the incident, stating: “Oracle need to clearly, openly and publicly communicate what happened, how it impacts customers, and what they’re doing about it. This is a matter of trust and responsibility. Step up, Oracle — or customers should start stepping off.”

Another cybersecurity expert, Lisa Forte, commented on the alleged breach, saying: “If this ends up being true, and I struggle to see how it won’t, this is a very very bad look” for Oracle.