Oracle Health Data Breach – Class Action Investigation
Chimicles Schwartz Kriner & Donaldson-Smith LLP is investigating a potential class action relating to a data breach incident involving Oracle Health (formerly known as Cerner), a healthcare software-as-a-service (SaaS) company that provides electronic health record and business systems to many hospitals and other healthcare providers.
What Happened at Oracle Health?
According to recent news reports, a significant data breach occurred affecting Oracle Health and the healthcare organizations using its services. A threat actor reportedly stole sensitive healthcare records from Oracle Health customers potentially affecting patients. The exact scope of the stolen data and the patients that may have been affected remains unknown. Oracle Health’s customers may include:
- Northwell Health
- Lexington Medical Center
- Henry Community Health
- Covenant Health
- Fitzgibbon Hospital
- Sarah Bush Lincoln
- St. Joseph’s Health
- Mars Veterinary Health
- St. John’s Health
- Northern Light Health
- Fivos
- Centra
- Health Partners
The breach itself originated from a vulnerability found in a Cerner legacy data migration server on February 20, 2025. The attacker allegedly gained access by taking advantage of this vulnerability, and exfiltrated a large cache of Oracle Health’s customers’ data, including patient data.
Preliminarily, it is believed that the compromised data may include, but is not limited to, patient information from electronic health records and other sensitive personal information. The threat actor has been observed extorting Oracle Health’s customers for ransom, threatening the healthcare providers to pay money for patient data not be released.
Why is it Important to you?
This data breach, if confirmed, could have serious consequences for the impacted patients of Oracle Health’s customers.
If you are a patient of a healthcare entity that uses Oracle Health (formerly Cerner) services who believes your information may have been compromised as a result of this breach, please fill-out the below contact form with your additional information.
(*) Indicates required field: When communicating with us through this site or otherwise in connection with a matter for which we do not already represent you, your communication may not be treated as privileged or confidential, and does not create an attorney-client relationship between you and our Firm.
