Monday, December 8, 2025

Oracle software flaw leads to data theft at major London hospital trust

A major healthcare provider in England has confirmed a data breach after ransomware attackers exploited a previously unknown flaw in its Oracle business software.

Barts Health NHS Trust said cybercriminals linked to the Clop ransomware group accessed one of its databases after abusing a vulnerability in Oracle E-Business Suite (EBS). The attackers stole several years of invoice records. These files contain the full names and addresses of people who paid for treatment or other hospital services.

The breach also exposed information about former employees who owed money to the trust, along with details of suppliers whose information is already public. In addition, the compromised database held files related to accounting services that Barts has been providing since April 2024 to Barking, Havering and Redbridge University Hospitals NHS Trust.

The Clop group has since published the stolen data on its dark web leak portal.

“The theft occurred in August, but there was no indication that trust data was at risk until November when the files were posted on the dark web,” Barts said.

“To date no information has been published on the general internet, and the risk is limited to those able to access compressed files on the encrypted dark web.”

The trust added that it is seeking a High Court order to prevent the publication, use, or sharing of the leaked data, although such legal steps have limited practical impact once information is exposed.

Barts Health NHS Trust operates five hospitals across London. These are Mile End Hospital, Newham University Hospital, Royal London Hospital, St Bartholomew’s Hospital, and Whipps Cross University Hospital.

The Clop group has been actively exploiting a critical Oracle EBS vulnerability, tracked as CVE-2025-61882, as a zero-day since early August. The campaign has led to data theft at organisations worldwide. Confirmed victims include Envoy Air, Harvard University, GlobalLogic, the Washington Post, Logitech, Dartmouth College, the University of Pennsylvania, and the University of Phoenix.

Barts has reported the incident to the National Cyber Security Centre, the Metropolitan Police, and the Information Commissioner’s Office.

The trust said the attack did not affect its electronic patient records or clinical systems, and it remains confident that its core IT infrastructure is secure. Patients who have made payments to Barts have been advised to review their invoices and stay alert for suspicious messages asking for money or personal details.
