←back to thread

Oracle attempt to hide cybersecurity incident from customers?

(doublepulsar.com)
630 points 2bluesc | 3 comments | 31 Mar 25 15:11 UTC | HN request time: 0s | source
Show context
nerdjon ◴[31 Mar 25 16:18 UTC] No.43536732[source]
This is honestly wild.

Whether we like it or not security incidents have become such common place in the last several years that if they just admitted to it this entire story would have likely been shrugged off and mostly forgotten about in a couple days but instead it is turning into an entire thing that just seems to be getting deeper and deeper. (Not downplaying the security incident, but that is the unfortunate reality).

Seriously if I can't trust that I am going to actually be told and not lied too when there is a security incident at the bare minimum, why would I chose to work with a company? What is Oracle's end goal here?

Are they somehow really confident that this didn't happen, maybe they don't have the logs to confirm it? Trying to think about how this is anything except them just straight up lying.

I can't remember the last time we saw a company this strongly try to deny that something like this happened. Especially when according to Ars Technica:

> On Friday, when I asked Oracle for comment, a spokesperson asked if they could provide a statement that couldn’t be attributed to Oracle in any way. After I declined, the spokesperson said Oracle would have no comment.

replies(4): >>43537096 #>>43537117 #>>43537883 #>>43538790 #
sofixa ◴[31 Mar 25 16:51 UTC] No.43537096[source]
> Seriously if I can't trust that I am going to actually be told and not lied too when there is a security incident at the bare minimum, why would I chose to work with a company? What is Oracle's end goal here?

I think you're coming at this from the wrong point of view. Oracle couldn't care in the slightest about what regular people think of them. Remember, they are the company that sent lawyers after the employers of folks who downloaded non-free but bundled by default extensions to VirtualBox, and the company that declared that you need to license every core their software could _potentially_ run on in your virtualisation estate (so if you have a 8 vCPU VM for some Oracle software, you need licenses for however many physical cores you have on your cluster). They've variously been described as a law firm with an engineering side business, and One Rich Asshole Called Larry Ellisson. Speaking of whom, he multiple times flat out lied on stage to make his shitty "cloud" nobody cares about seem relevant compared to AWS.

Nobody buys Oracle because they like them or their good reputation. You buy them because you have legacy stuff that depends on them and you have no choice (even Amazon took many years to get off Oracle databases, and they wrote a gloating success story one they were done with it because they were that happy to be rid of the leeches), or because your bosses' boss was convinced at a golf course they're getting a good deal. Or because their bandwidth is very cheap and you accept the risk of dealing with the devil incarnate with zero morals. (cf. Zoom).

Oracle is like Broadcom. Everyone hates their guts, everyone who worked there has a black mark on their CV. Yet they persist, continue leeching off companies too scared to make the jump elsewhere.

replies(3): >>43537604 #>>43538360 #>>43539488 #
mandevil ◴[31 Mar 25 17:39 UTC] No.43537604[source]
My wife is a hospital pharmacist. Cerner is a poular EMR system, is ~#2 in the market (behind Epic). These systems are ridiculously difficult to change between (everyone from your front-check-in desk to every surgeon who has privileges needs to be trained on how the new system works in addition to the technical problems with ETL'ing all your data over, and each hospital has an enormous amount of customization done to their workflows that has to be ported over to the new system)- she's done that twice at two different places and it was a huge, process, 18 months minimum. So these EMR's have an enormous amount of lock-in.

The punchline is, in 2022 Oracle purchased Cerner, renamed it Oracle Health, and started accelerating the process of enshittifying it. I have to tip my hat to them, it's like their BizDev team found a market segment that had as much lock-in as SQL databases do, and are now trying to replicate all the evil tricks they learned from that in another market segment. Because what are hospitals but giant bags of money to be drained so Larry Ellison can buy another yacht?

replies(1): >>43538965 #
1. Spooky23 ◴[31 Mar 25 19:40 UTC] No.43538965[source]
True, but with one exception that I saw (Memorial Sloan Kettering), every EMR that isn’t Epic is a steaming pile. And I think MSK is switching.
replies(1): >>43539572 #
2. mandevil ◴[31 Mar 25 20:28 UTC] No.43539572[source]
Epic is my wife's favorite, for sure. Both of the switch-overs she was involved in were to Epic. They also cost more than the others.

One thing I have learned in my two decades of SWE'ing is how vitally important active competition is. One of the major competitors voluntarily taking themselves out of the competition so it can be sucked dry of value always seems to be good news for the market share, dominance, and profitability of the #1 in the market, and bad news for everyone's customers.

replies(1): >>43540529 #
3. senderista ◴[31 Mar 25 22:11 UTC] No.43540529[source]
As a health consumer, Epic is so dang slow that I wonder what it's like for medical professionals.