Supply Chain
Oracle Health (Cerner) Legacy Server Breach - 80 Hospitals Patient Data
Incident Details
On or after January 22, 2025, a threat actor used stolen credentials to access legacy Cerner electronic health record (EHR) servers belonging to Oracle Health that had not yet been migrated to Oracle Cloud. Oracle Health (which acquired Cerner in 2022) detected the breach around February 20, 2025, and BleepingComputer first publicly disclosed it on March 28, 2025. Up to 80 hospitals may have been affected, including facilities confirmed in Texas (4,082 individuals), Massachusetts (6,562), South Carolina (2,989), and Washington (802). AdventHealth was among the named health systems. Exposed patient data includes names, Social Security numbers, addresses, dates of birth, medical record numbers, details of care and treatment, diagnoses, physician names, medical images, medications, and test results. The FBI investigated potential extortion attempts related to the breach. CVE-2025-30154 (CVSS 8.6) was added to CISA’s Known Exploited Vulnerabilities catalog in connection with Oracle infrastructure exploitation during this period.
Technical Details
- Initial Attack Vector: Attacker used stolen credentials to access legacy Cerner EHR servers that had not yet been migrated to Oracle Cloud; CVE-2025-30154 exploited in related Oracle infrastructure
- Vendor / Product: Oracle Health (formerly Cerner) EHR
- CVE / GHSA References: CVE-2025-30154
- Supply Chain Attack: Confirmed third-party / vendor compromise
Timeline
- 2025-01-22 Breach occurred
- 2025-03-28 Publicly disclosed
- 2025-04-01 Customers notified