9. Oracle Cloud and Oracle Health
When: February
What happened?
Oracle came under fire in March for its handling of two separate security incidents.
The first related to Oracle Cloud, while the second involved a breach of patient data under the tech giant’s healthcare subsidiary, Oracle Health.
Who nominated it, and why?
Oracle’s woes caught the attention of two of our 12-strong panel.
While Sapphire CEO Ian Thomas included the first incident among his hot picks, Quorum Cyber CEO and Chief Threat Officer pairing Federico Charosky and Paul Caiazzo labelled the latter the “more damaging incident”.
“Oracle Health suffered a confirmed data breach, compromising customer credentials across hospitals, clinics, and other healthcare organisations,” Charosky and Caiazzo stated.
“Since then, numerous extortion attempts have been reported against these clients, with ransom demands reportedly in the millions.”
Channel takeaway:
Both incidents serve as a reminder of the growing importance of supply chain security, Thomas and Quorum Cyber agreed.
“This breach affected over 140,000 tenants, highlighting vulnerabilities in cloud infrastructure and the risks associated with third-party service providers,” Thomas said of the Oracle Cloud incident.
“This scenario aligns with a pattern of ‘supply chain extortion’, as seen in incidents like REvil’s attack on Kaseya VSA. When a supplier is breached and the fallout lands on customers, what recourse remains beyond costly litigation?,” Charosky and Caiazzo added.
Eight cyber-attacks were considered more significant by our leadership panel. See next page for more…
