Numerous healthcare providers across the U.S. had their patient data compromised following an attack against the legacy data migration servers of major healthcare software-as-a-service firm Oracle Health, previously known as Cerner, initially discovered late last month, reports BleepingComputer.
While Oracle Health only detailed the potential exfiltration of patient information from electronic health records following attackers' exploitation of breached customer credentials in private notifications to affected organizations, data theft has been confirmed by various sources close to the matter, who noted that millions of dollars worth of cryptocurrency demanded by an alleged non-ransomware affiliate named "Andrew" to avert the sale or leak of the stolen information. Impacted healthcare organizations have also reportedly expressed concern over the inadequate transparency shown by Oracle Health in handling the incident, with the firm neither publicly acknowledging the breach nor offering written reports regarding the attack. Such a development comes as organizations validated data purportedly stolen from Oracle Cloud's federated single sign-on login servers after the firm's categorical denial of such a breach.
The arrest is a component of Operation Riptide, an international initiative focused on disrupting malicious cyber activity and holding perpetrators accountable.
The CIRCIA rule mandates that critical infrastructure entities report substantial cyber incidents within 72 hours and ransomware payments within 24 hours.