Hackers broke into Oracle Corp.’s computer systems and stole patient data in an attempt to extort multiple medical providers in the U.S., according to a person familiar with the matter and a notification the software company sent to clients.

Earlier this month, Oracle alerted some health-care customers that sometime after Jan. 22, hackers accessed company servers and copied patient data to an outside location, according to the notification, which was seen by Bloomberg News. Oracle sells software for patient records management to hospitals, doctors’ groups and other medical companies.

The FBI is investigating the breach and the attempts by cyberattackers to force medical companies to pay ransoms, said the person, who spoke on condition of anonymity because they weren’t authorized to discuss the ongoing investigation.

It’s unknown how many patients’ records were taken. The total number of health-care providers that the hackers have sought to extort is also uncertain.

Oracle, based in Austin, Texas, didn’t immediately respond to a request for comment. An FBI spokesperson declined to comment.

In 2022, Oracle acquired the electronic health records business Cerner Corp. for $28 billion and touted goals to modernize the legacy software company, including by moving customers to the cloud. Customers include large hospitals chains, small clinics and government-run facilities. The purchase came with a flagship $16 billion contract with the U.S. Department of Veterans Affairs, which has seen highly-publicized outages and lawmaker scrutiny.

Oracle told customers that the hackers accessed older Cerner servers, taking data that had not yet been shifted to Oracle’s cloud storage service, according to the notice. “Available evidence suggests the threat actor illegally accessed the environment by using stolen customer credentials,” the company said in the notice. Oracle said it became aware of the breach around Feb. 20.

The notice to customers states that the stolen data may have included patient information from electronic medial records. The person familiar with the breach said the material taken included recent patient records.

“Oracle will support your organization in its review of information to identity impacted patients” the company told clients.

A spokesperson for Veterans Affairs said the department wasn’t affected by the incident.

The publication Bleeping Computer reported earlier on some of the details of the cyberattack.

_____

©2025 Bloomberg L.P. Visit bloomberg.com. Distributed by Tribune Content Agency, LLC.