A cyberattack on outdated Cerner servers during the transition of data to Oracle's cloud has compromised the personal and medical information of almost 263,000 Union Health patients.
What happened
Indiana-based Union Health System has reported a data breach that compromised the sensitive personal and medical information of nearly 263,000 individuals. The breach originated from legacy patient data hosted on Cerner servers, now owned by Oracle, that were slated for migration to Oracle’s cloud infrastructure. Union Health disclosed the incident to federal regulators on April 21, making it one of the first healthcare systems to acknowledge the hack that occurred earlier this year formally.
Going deeper
According to court filings and internal documents, Union Health was contacted on February 24 by an unknown party claiming possession of sensitive data. After investigating, Union Health confirmed that the data pertained to migration services handled by Oracle Health (formerly Cerner). Oracle informed the hospital that it had detected unauthorized access to the data on February 20, with the breach likely starting sometime after January 22. The compromised files included names, Social Security numbers, driver's license details, health insurance information, medications, diagnoses, and treatment histories.
Although Union Health stated that its own internal systems were not impacted, the incident has triggered several proposed federal class action lawsuits, accusing both Union Health and Oracle of negligence and failing to protect patient data.
Read also:
What was said
In response to Information Security Media Group, Oracle reiterated in a letter that “the Oracle Cloud Infrastructure (OCI) has not experienced a security breach,” emphasizing that the compromised servers were obsolete and not part of OCI. “The hacker did not expose usable passwords,” the company stated, attempting to reassure clients that their core cloud services remain secure.
Union Health has not issued public comments since the breach notification and has not responded to media inquiries. Notably, the breach notice originally posted on its website has since been removed but remains accessible through legal filings.
Adding to the tension, one lawsuit claims the healthcare providers are now being extorted by an individual known as "Andrew," who is demanding millions in cryptocurrency to avoid leaking the stolen data.
See also: HIPAA Compliant Email: The Definitive Guide (2025 Update)
Why it matters
Third-party migration processes, especially those involving legacy healthcare data, pose significant cybersecurity risks if not properly secured. This breach highlights how vulnerabilities during transitions to cloud environments can be exploited, exposing sensitive patient information. It also raises questions about vendor transparency and responsibility when incidents occur, as affected entities and patients are often left without timely or clear communication.
Read also: What is vendor compromise?
FAQS
What is a healthcare data breach?
A healthcare data breach occurs when unauthorized individuals gain access to sensitive personal and medical information stored by a healthcare provider, vendor, or affiliated third party.
Read also: Healthcare data breaches: Insights and implications
What is a third-party data breach?
This happens when an organization’s data is compromised through a breach at a contractor, vendor, or partner, such as an IT service provider or cloud storage company, rather than the healthcare organization itself.
How do data breaches typically occur?
Breaches may result from phishing attacks, malware, insecure servers, misconfigured cloud storage, insider threats, or vulnerabilities during data transfers or system migrations.
See also: Types of breaches
Who is responsible for protecting the data?
Both the healthcare provider and the third-party vendor share responsibility for safeguarding data under regulations such as HIPAA. Contracts typically define each party’s obligations.
Go deeper: Who is responsible for a data breach?
Tshedimoso Makhene
