Dec 7
Cl0p Ransomware Breach Hits Barts Health NHS Trust
London - Barts Health NHS Trust has confirmed that the Russian-speaking Cl0p ransomware group stole files from one of its invoice databases after exploiting a vulnerability in Oracle E-Business Suite. The breach exposed sensitive financial records linked to payments for treatment and services, with some data stretching back several years.
Hackread.com first reported the incident in November, noting that Cl0p had leaked 241 GB of NHS data on its hidden site shortly after claiming responsibility for a wider campaign targeting healthcare providers.
According to Barts’ official statement, the stolen material includes:
• Names and addresses of patients billed for care
• Records of former staff with unresolved salary issues
• Payment details for suppliers (most of which are already public)
The Trust emphasized that clinical systems and patient medical records were not affected. However, files connected to accounting services provided to Barking, Havering and Redbridge University Hospitals NHS Trust since April 2024 were also compromised. Patients are being advised to review any invoices they received to determine if their data was involved.
The breach occurred in August but went undetected until November, when the stolen files surfaced on Cl0p’s dark web leak site. Oracle has since patched the exploited flaw. Barts has reported the incident to NHS England, the National Cyber Security Centre, the Metropolitan Police, and data regulators. The Trust is also seeking a High Court order to block further circulation of the stolen data.
Rising Tide of Ransomware Against UK Health Services
The Barts incident adds to a growing list of ransomware attacks on NHS organizations. In recent months, the Qilin ransomware group released patient records on private channels after breaching an NHS supplier, disrupting emergency care in London. Staff later linked one of those disruptions to the death of a patient.
In Scotland, the INC group claimed to have stolen several terabytes of patient files, later releasing the material on hidden forums while issuing threats against UK health services.
These attacks share common traits: exploiting vulnerabilities in widely used enterprise systems, targeting administrative data, and leveraging stolen information for extortion or fraud. Even when clinical systems remain intact, the fallout places heavy strain on staff who must rebuild trust and manage fraud risks for affected patients.
Risks Beyond Clinical Records
While the Barts breach involved invoice data rather than medical records, experts warn that such information can still fuel social engineering and payment fraud. Cybercriminals often exploit basic personal details to impersonate patients or suppliers.
Barts Health NHS Trust is directing individuals to the Stop Think Fraud initiative for guidance and urging anyone with concerns to contact its data protection officer.
Executive IT Forums, Inc.
Copyright © 2025 Executive IT Forums, Inc. All Rights Reserved.