Enterprise tech titan Oracle is facing scrutiny on two fronts—and potentially losing the one thing its customers value most: trust.
Two separate cybersecurity incidents—one involving patient health records, the other Oracle Cloud user data—have surfaced in recent weeks. The company has confirmed neither, denied one, and refused to answer questions on either. But the mounting evidence tells a different story. And critics say Oracle’s handling of the situation could be more damaging than the breaches themselves.
The Oracle Health Breach: Legacy Infrastructure, Modern Consequences
The first confirmed breach involves Oracle Health, the division built around Oracle’s $28 billion acquisition of electronic health records giant Cerner. According to reports from Bloomberg and Bleeping Computer, Oracle began notifying healthcare customers in March that hackers accessed sensitive patient data via an outdated server.
A customer notification reportedly stated that the compromised system had not yet been migrated to the Oracle Cloud—an admission that legacy infrastructure left a door open for attackers. According to sources, at least one hacker is now extorting affected hospitals, demanding millions in exchange for silence.
The breach has already sparked internal unrest. An Oracle employee, speaking anonymously to TechCrunch, said their team lost access to client environments for days with no formal explanation, learning more from Reddit than company leadership.
And for those who understand what’s at stake, this isn’t just another corporate breach.
“Breaches involving health data can cause irreversible and incomprehensible damage to those affected,” said Yogita Parulekar, CEO of Invi Grid. “It is imperative that applications that hold health, medical and genetic data are built with security and privacy baked into its architecture designs day zero.”
Parulekar emphasized that “security and privacy by design approaches with data minimization, anonymization or deidentification, segregation and segmentation based on classification, consent and retention policies, together with basic security hygiene of strong authentication, encryption, logging, alerting and continuous pentesting must be defined and implemented day zero.”
But this breach seems rooted in the opposite approach: a legacy system lingering without modern protections—and compromised before it could be modernized.
Oracle Cloud: Denials, Proof, and a Hacker Named rose87168
The second incident centers on Oracle Cloud. Earlier this month, a hacker using the alias rose87168 posted in a cybercrime forum, offering what they claimed was access to the data of 6 million Oracle Cloud customers, including authentication credentials and encrypted passwords.
To prove the claim, the hacker uploaded a text file—containing their handle—to an Oracle Cloud server. Screenshots of the file hosted on Oracle infrastructure circulated quickly, adding credibility to the claim. Several Oracle customers later verified that sample data shared by the hacker appeared genuine.
Oracle’s response? Total denial.
“There has been no breach of Oracle Cloud,” the company told reporters. “The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
The statement did little to calm cybersecurity experts. Several accused Oracle of deflecting responsibility through semantic spin.
“This is a serious cybersecurity incident which impacts customers, in a platform managed by Oracle,” wrote security researcher Kevin Beaumont. “Oracle are attempting to wordsmith statements… This is not okay.”
Lisa Forte, another well-respected cybersecurity expert, called it “a very, very bad look.”
Damage Beyond Data
The most unsettling part of these twin incidents isn’t just what data may have been accessed—it’s the sense that Oracle has chosen obfuscation over clarity. For customers relying on Oracle to secure HR systems, hospital records, and authentication environments, that uncertainty becomes a risk in itself.
In the case of Oracle Health, delayed notifications and inconsistent messaging have already left customers scrambling. In the cloud case, the flat-out denial contrasts sharply with the evidence posted by the hacker and with customer verification of the leaked data.
Parulekar’s point resonates here: this isn’t just about technical safeguards, but governance, communication, and transparency—principles Oracle’s critics say are notably absent.
The Trust Gap
Oracle has long positioned itself as an enterprise-grade, mission-critical vendor. But when crises hit, that reputation hinges on how it communicates with customers, regulators, and its own employees.
Right now, customers are learning about these breaches not from Oracle—but from forums, blog posts, and Slack channels.
In the absence of clarity, confidence fades. And that raises the real risk: not just of compromised systems, but of compromised trust.