01-04-2025
Proactive Steps For Healthcare CIOs Amid Oracle Security Concerns
Oracle informed some of its healthcare customers about a breach earlier this year. A separate incident report indicates hackers accessed Oracle servers and have access to sensitive data.
The hacker claimed to have data that contained the following:
Oracle has not publicly responded to the incident yet, but healthcare CIOs who are Oracle customers must take the following steps now.
CIOs must work with their organizations to reset all single sign-on and LDAP passwords, prioritizing privileged accounts such as system administrators. This is an opportunity to remind everyone of the policy, emphasizing strong passwords and the need for every organization to have Multi-Factor Authentication (MFA) in place.
Technology leaders must work with Oracle to regenerate and replace all compromised JPS and JKS keys to prevent unauthorized access to Oracle Enterprise Manager. Unfortunately, this exercise will cause business disruption and downtime.
The organization's system administrator must thoroughly analyze authentication logs, system access records, and other relevant logs to detect unauthorized activities or anomalies within the network environment and the Oracle instance. Real-time monitoring solutions should also be deployed to continuously detect and respond to suspicious activities. Access controls should be reviewed and tightened according to the principle of least privilege to minimize potential attack surfaces.
Two security basics have to be part of IT's DNA. The IT system administrator must perform routine patch management: ensure all systems are updated with the latest security patches to protect against known vulnerabilities. Speculation is that the Oracle incident stems from an exploited vulnerability in Oracle Access Manager.
Every security incident is a learning moment. Organizations must swiftly educate employees about the critical importance of cybersecurity. Use the incident to reinforce best practices such as creating strong passwords, recognizing phishing attempts, and staying vigilant online. By turning these events into opportunities for education, CIOs can strengthen their organization's defenses and embed security awareness into the culture at every level.
CIOs must actively partner with marketing and legal teams to plan the next steps. They should prioritize internal communication by promptly informing all relevant stakeholders about the breach, outlining the actions underway, and clarifying any steps employees must take. At the same time, communication leaders must prepare for external communication to patients—and possibly Health and Human Services—if the breach affects more than 500 individuals, as required for covered entities. This stage may also be the right time to activate the organization's cyber insurance policy to ensure full compliance with all protocols and avoid missing critical steps in the response process.
At this stage, with Oracle remaining silent on both incidents, healthcare CIOs must take a proactive stance. As third-party security risks continue to challenge organizations, CIOs must strengthen their oversight and response strategies. These types of incidents are becoming increasingly common across the enterprise, making it critical to stay ahead of potential vulnerabilities.