In one of the most high-profile incidents this year, a threat actor operating under the alias “Rose” claimed responsibility for breaching Oracle Cloud—a suite of services for businesses to build, deploy and manage applications in the cloud.
Thanks to our always-on security operations center (SOC), we detected and responded to the threat faster than any other insurer—intervening early to help shield our policyholders from harm.
How we uncovered the threat
After breaching Oracle Cloud, the attacker leaked a list of over 140,000 domains, with data—including passwords, security certificates, emails, LDAP records and patient information—soon validated by researchers and Oracle customers. Around the same time, Oracle Health (formerly Cerner) suffered an unrelated breach, where attackers targeted legacy servers and gained access to sensitive patient records. While Oracle hasn’t made a public statement on this incident, impacted customers have been contacted directly.
By leveraging our exclusive threat intelligence network, our team discovered the incidents early on and quickly provided mitigation measures to protect our insureds before further damage could occur.
We partner with government and private threat intelligence organizations to identify and analyze information about cyber threats your business is exposed to—helping those at risk take action before it’s too late. Threat intelligence: How it works
Why it matters
If undetected, breaches like these can have far-reaching consequences. Stolen credentials can be used to infiltrate systems, steal more data or deploy ransomware, causing business disruption, reputational damage, regulatory fines and legal liability. And for healthcare organizations, the stakes are even higher, with potential HIPAA violations, other regulatory conditions and patient trust on the line.
Simply put, breaches of this scale don’t just compromise data—they threaten the very continuity and credibility of the businesses affected.
How we’re helping customers
Being first in the market to learn of the breach, our team worked across the weekend and within 48 hours had taken measures to reduce the incident’s impact, identify affected customers and issue targeted alerts.
Each alert included clear, actionable steps:
- Reset all Oracle-related passwords
- Review account activity and access logs for suspicious behavior
- Enforce multi-factor authentication (MFA)
- Audit systems integrated with Oracle services
- Coordinate with Oracle account representatives for further guidance
By acting early, we helped insureds stay ahead of further compromise and protect critical systems.
Preventative steps: Tips to stay ahead
With cyber threats increasingly difficult to detect and prevent, it’s more important than ever to go with a sophisticated cyber insurer with exclusive access to threat intelligence. Using these insights, we can identify potential threats and alert customers before they come to pass—because prevention is better than a cure, always.
The Oracle incidents show how deeply interconnected today’s digital ecosystems have become, with cybercriminals exploiting vulnerabilities across the supply chain. It’s not enough to maintain vigilance only over your own systems; you need to vet partner systems too.
Key takeaways:
- Benefit from proactive services through comprehensive cyber insurance: From the moment you take out a CFC cyber policy, we work around the clock to protect businesses against cyber attacks.
- Vet cyber controls across third-party networks: Third-party systems and suppliers can open the door to cyber threats.
- Take steps to protect sensitive data: Personal and financial information remains a top target for cybercriminals.
- Implement layered security: Tools like MFA are vital for staying secure.
Learn more about our proactive services work to protect businesses.
