Barts Health NHS Trust, a major healthcare provider in England, announced that Clop ransomware actors have stolen files from one of its databases after exploiting a vulnerability in its Oracle E-business Suite software.
The stolen data are invoices spanning several years that expose the full names and addresses of individuals who paid for treatment or other services at Barts Health hospital.
Information of former employees who owed money to the trust, and suppliers whose data is already public, has also been exposed, the organization says.
In addition to Barts' files, the compromised database include files concerning accounting services the trust provided since April 2024 to Barking, Havering, and Redbridge University Hospitals NHS Trust.
Cl0p ransomware has leaked the stolen information on their leak portal on the dark web.
"The theft occurred in August, but there was no indication that trust data was at risk until November when the files were posted on the dark web," explained Barts.
"To date no information has been published on the general internet, and the risk is limited to those able to access compressed files on the encrypted dark web."
The hospitals operator stated that it is in the process of getting a High Court order to ban the publication, use, or sharing of the exposed data by anyone, though such orders have limited effect in practice.
Barts Health NHS Trust runs five hospitals throughout the city of London, namely Mile End Hospital, Newham University Hospital, Royal London Hospital, St Bartholomew's Hospital, and Whipps Cross University Hospital.
The Clop ransomware gang has been exploiting a critical Oracle EBS flaw tracked as CVE-2025-61882 as a zero-day in data theft attacks since early August, stealing private information from a large number of organizations worldwide.
... continue reading