"Barts Health NHS Trust has confirmed that patient and staff data was stolen in Clop's mass-exploitation of Oracle's E-Business Suite (EBS), and says it is now taking legal action in an effort to stop the gang publishing any of the snatched information. The UK's largest NHS trust, which runs five major hospitals across London, said in a statement that an investigation had identified evidence of data exfiltration following Clop's raid on vulnerable EBS systems earlier this year."
"Barts said the stolen data includes the names and addresses of individuals who were liable to pay for treatment or services at a Barts Health hospital over several years, along with the personal details of some former staffers who left employment owing to the trust for salary sacrifice or overpayment. "Almost half of the potentially compromised files list suppliers of goods or services whose details are in the public domain," Barts added, noting that in addition to the trust's own files, the compromised database also held documents tied to accounting services the trust has provided to Barking, Havering, and Redbridge University Hospitals NHS Trust since April 2024."
""The theft occurred in August, but there was no indication that trust data was at risk until November when the files were posted on the dark web," said Barts. "To date no information has been published on the general internet, and the risk is limited to those able to access compressed files on the encrypted dark web." Clop has spent much of 2025 monetizing a critical flaw in Oracle EBS that allowed unauthenticated data theft from unpatched systems."
Barts Health NHS Trust confirmed that patient and staff personal data were stolen after Clop exploited vulnerabilities in Oracle's E-Business Suite. The stolen information includes names and addresses of individuals liable for treatment and personal details of some former staff who left owing money for salary sacrifice or overpayment. Almost half of the potentially compromised files list suppliers whose details are publicly available. The compromised database also contained documents tied to accounting services provided to another NHS trust since April 2024. The trust is pursuing urgent High Court action to ban publication, use, or sharing of the data. The files surfaced on the dark web in November.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]