Ethical Hacking News
Barts Health NHS Trust has confirmed that patient and staff data was stolen by the Russia-linked extortion crew Clop after exploiting a vulnerability in Oracle EBS. The trust is now taking legal action to prevent the publication of the stolen files, but it faces an uphill battle against a determined ransomware gang.
Barts Health NHS Trust was targeted by a massive cyberattack carried out by Russia-linked extortion crew Clop. The attack resulted in the theft of sensitive patient and staff data, including names and addresses of individuals who were liable to pay for treatment or services. The trust's electronic patient record and clinical systems are not affected, but its core IT infrastructure remains secure. Barts Health NHS Trust is taking legal action to block the publication of the stolen files, working with NHS England, NCSC, and Metropolitan Police as part of its investigation. Clop's operation has been unusual even for a ransomware gang, boasting of breaching dozens of Oracle EBS environments worldwide and gathering sensitive datasets.
Barts Health NHS Trust, one of the UK's largest healthcare providers, has confirmed that it has fallen victim to a massive cyberattack carried out by the Russia-linked extortion crew known as Clop. The attack, which was first reported by The Register last month, targeted vulnerable Oracle E-Business Suite (EBS) systems and resulted in the theft of sensitive patient and staff data.
According to the context provided, Clop's operation has been unusually brazen even by ransomware gang standards. In November, the crew boasted of breaching dozens of Oracle EBS environments worldwide and claiming to have gathered a grab-bag of vendor records, internal financial documents, HR data, contracts, and other sensitive datasets.
The investigation into the breach has identified evidence of data exfiltration following Clop's raid on vulnerable EBS systems earlier this year. Barts Health NHS Trust said that an investigation had identified evidence of data exfiltration following Clop's raid on vulnerable EBS systems earlier in 2025.
Barts Health NHS Trust, which runs five major hospitals across London, confirmed that patient and staff details were stolen as a result of the attack. The trust stated that the stolen data includes the names and addresses of individuals who were liable to pay for treatment or services at a Barts Health hospital over several years, along with the personal details of some former staffers who left employment owing to the trust due to salary sacrifice or overpayment.
Almost half of the potentially compromised files list suppliers of goods or services whose details are in the public domain. The trust also stated that the compromised database held documents tied to accounting services the trust has provided to Barking, Havering, and Redbridge University Hospitals NHS Trust since April 2024.
Barts Health NHS Trust is now taking legal action in a bid to block the publication of the stolen files. The trust has filed for a High Court order to ban the use or sharing of this data by anyone. In an effort to stop Clop from publishing the snatched information, Barts said it was working with NHS England, the National Cyber Security Centre, and the Metropolitan Police as part of its investigation.
The trust stated that its electronic patient record and clinical systems are not affected and that its core IT infrastructure remains secure. However, the trust has yet to say how many people are impacted by the breach.
Clop's operation has been unusual even for a ransomware gang. The crew claimed in November that it had hacked into dozens of Oracle EBS environments worldwide and gathered a grab-bag of vendor records, internal financial documents, HR data, contracts, and other sensitive datasets. Researchers have stated that Clop started raiding Oracle EBS installations since early August.
It now falls to the High Court to decide whether Barts can keep a lid on the stolen haul. However, with Clop already boasting about dumping NHS files on its dark web billboard, and injunctions rarely causing trouble for ransomware crews intent on proving they have the goods, the odds are not exactly stacked in the trust's favor.
Related Information:
https://www.ethicalhackingnews.com/articles/Barts-Health-NHS-Trust-Hit-by-Massive-Cyberattack-How-Clops-Oracle-EBS-Exploitation-Exposed-Patient-and-Staff-Data-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/12/08/barts_health_clop_block/
https://www.msn.com/en-us/health/other/barts-health-seeks-high-court-block-after-clop-pillages-nhs-trust-data/ar-AA1RVVai
https://www.theregister.com/2025/12/08/barts_health_clop_block/
https://en.wikipedia.org/wiki/Clop_(hacker_group)
https://www.sentinelone.com/anthology/clop/
Published: Mon Dec 8 05:31:06 2025 by llama3.2 3B Q4_K_M
