Barts Health NHS Data Breach Linked to Oracle Zero-Day Hack
▼ Summary
– Clop ransomware actors stole invoice files from Barts Health NHS Trust by exploiting a vulnerability in Oracle E-business Suite software.
– The stolen data includes the full names and addresses of individuals who paid for services, as well as information on former employees and suppliers.
– The compromised database also contained files related to accounting services provided to another NHS trust, Barking, Havering, and Redbridge University Hospitals.
– The stolen information was leaked on a dark web portal in November, though the trust states it has not been published on the general internet.
– Barts Health has reported the incident to authorities and states the attack did not impact its clinical systems or core IT infrastructure.
A significant data breach at Barts Health NHS Trust has been linked to a global cyberattack exploiting a critical software vulnerability. The incident involved the theft of invoice files from a database after hackers targeted a flaw in the organization’s Oracle E-business Suite. The stolen data includes the full names and addresses of individuals who paid for treatment or services at Barts Health hospitals over several years. Information pertaining to former employees with outstanding debts and some supplier details was also compromised.
The Clop ransomware gang, responsible for the attack, has published the stolen files on its dark web leak portal. Barts Health stated the theft occurred in August, but the trust only became aware of the risk in November when the data appeared online. Officials emphasized that, to date, the information has not been published on the general internet and remains confined to encrypted dark web channels, which they believe limits the overall risk.
In response, the healthcare provider is seeking a High Court order to prohibit the publication, use, or sharing of the exposed data, though such legal measures often have limited practical enforcement. The compromised database also contained files related to accounting services Barts provided to another NHS trust, Barking, Havering, and Redbridge University Hospitals, since April 2024.
The attack exploited a critical Oracle flaw, tracked as CVE-2025-61882, which Clop actors have been using as a zero-day since early August to steal data from numerous organizations worldwide. Other confirmed victims of this widespread campaign include major institutions like Harvard University, the Washington Post, Logitech, and several airlines and universities.
Barts Health, which operates five major London hospitals, has notified key authorities including the National Cyber Security Centre, the Metropolitan Police, and the Information Commissioner’s Office. The trust has assured patients and the public that the attack did not breach its electronic patient records or clinical systems, and it remains confident in the security of its core IT infrastructure.
The organization is advising individuals who have made payments to review their invoices to understand what personal data may have been exposed. They recommend remaining vigilant against unsolicited communications, particularly any messages requesting payment or sensitive personal information.
(Source: Bleeping Computer)
