In a recent announcement, Barts Health NHS Trust, a prominent healthcare provider in England, disclosed that files from one of its databases were stolen by Clop ransomware actors. This breach occurred after the exploitation of a vulnerability in the Oracle E-business Suite software utilized by the trust.

The compromised data includes invoices spanning several years, revealing the full names and addresses of individuals who have made payments for treatment or other services at Barts Health hospital. Furthermore, information regarding former employees who owed money to the trust and suppliers, whose data is already public, has also been exposed.

Aside from Barts Health files, the breached database also contains files related to accounting services provided by the trust to Barking, Havering, and Redbridge University Hospitals NHS Trust since April 2024.

The stolen information has been leaked by the Cl0p ransomware gang on their dark web leak portal. Although the theft occurred in August, it was not until November that the trust became aware of the risk when the files were posted online.

Barts Health NHS Trust is taking legal action to prevent the publication, use, or sharing of the exposed data. However, such measures may have limited effectiveness in practice.

The healthcare organization operates five hospitals in London: Mile End Hospital, Newham University Hospital, Royal London Hospital, St Bartholomew’s Hospital, and Whipps Cross University Hospital.

The Clop ransomware gang has been exploiting a critical Oracle EBS flaw (CVE-2025-61882) as a zero-day vulnerability in data theft attacks since August. Organizations worldwide, including Envoy Air, Harvard University, and the Washington Post, have reported being impacted by Cl0p ransomware.

Barts Health has reported the incident to the National Cyber Security Centre, the Metropolitan Police, and the Information Commissioner’s Office. The organization has reassured the public that its electronic patient record and clinical systems were not affected, and its core IT infrastructure remains secure.

Patients who have made payments to Barts Health are advised to review their invoices to identify any exposed data and remain cautious of unsolicited communications, especially those requesting payment or sensitive information.