LmCast :: Stay tuned in

Barts Health NHS discloses data breach after Oracle zero-day hack

Recorded: Dec. 5, 2025, 9:13 p.m.

By Bill Toulas

December 5, 2025
01:55 PM

Barts Health NHS Trust, a major healthcare provider in England, announced that Clop ransomware actors have stolen files from one of its databases after exploiting a vulnerability in its Oracle E-business Suite software.
The stolen data are invoices spanning several years that expose the full names and addresses of individuals who paid for treatment or other services at Barts Health hospitals.
Information of former employees who owed money to the trust, and suppliers whose data is already public, has also been exposed, the organization says.
In addition to Barts' files, the compromised database includes files concerning accounting services the trust has provided since April 2024 to Barking, Havering, and Redbridge University Hospitals NHS Trust.
The Cl0p ransomware gang has leaked the stolen information on its leak portal on the dark web.
"The theft occurred in August, but there was no indication that trust data was at risk until November when the files were posted on the dark web," explained Barts.
"To date no information has been published on the general internet, and the risk is limited to those able to access compressed files on the encrypted dark web."
The hospital operator stated that it is in the process of obtaining a High Court order to ban the publication, use, or sharing of the exposed data by anyone, though such orders have limited effect in practice.
Barts Health NHS Trust runs five hospitals throughout the city of London, namely Mile End Hospital, Newham University Hospital, Royal London Hospital, St Bartholomew's Hospital, and Whipps Cross University Hospital.
The Clop ransomware gang has been exploiting a critical Oracle EBS flaw tracked as CVE-2025-61882 as a zero-day in data theft attacks since early August, stealing private information from a large number of organizations worldwide.
Victims that have confirmed impact from Cl0p ransomware's campaign include Envoy Air, Harvard University, GlobalLogic, Washington Post, Logitech, Dartmouth College, the University of Pennsylvania, and the University of Phoenix.
Barts has already informed the National Cyber Security Centre, the Metropolitan Police, and the Information Commissioner's Office (ICO) about the data theft incident.
The healthcare organization assured that Clop's attack did not impact its electronic patient record and clinical systems, and it is confident that its core IT infrastructure remains secure.
Patients who have paid Barts are advised to check their invoices to determine what data was exposed and to stay vigilant for unsolicited communications, especially messages that request payment or the sharing of sensitive information.

Bill Toulas
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Copyright @ 2003 - 2025 Bleeping Computer® LLC - All Rights Reserved

Barts Health NHS Trust experienced a data breach following a zero-day exploit of a vulnerability in its Oracle E-Business Suite software, perpetrated by the Clop ransomware group. The breach, discovered in November 2025, involved the theft of invoices spanning several years, exposing the full names and addresses of individuals who had paid for treatment services at the trust’s five hospitals – Mile End, Newham, Royal London, St Bartholomew’s, and Whipps Cross – along with accounting services provided to Barking, Havering, and Redbridge University Hospitals NHS Trust since April 2024. The stolen data was subsequently leaked on the dark web by Clop.

The attackers exploited CVE-2025-61882, a critical flaw in Oracle E-Business Suite, starting in early August 2025. Clop has been responsible for numerous data theft attacks globally, targeting organizations such as Envoy Air, Harvard University, GlobalLogic, The Washington Post, Logitech, Dartmouth College, the University of Pennsylvania, and the University of Phoenix. Notably, Barts Health confirmed that the breach did not compromise its electronic patient record or core clinical systems, demonstrating a key element of risk mitigation.

The Information Commissioner’s Office (ICO), the National Cyber Security Centre (NCSC), and the Metropolitan Police have been informed of the incident. Barts Health is pursuing a High Court order to prevent the unauthorized publication, use, or sharing of the stolen data, though the efficacy of such orders is often limited.

While initial reports indicated no publicly available information related to the breach, Clop subsequently published the data, creating a risk for individuals who had patronized the hospitals. Patients are advised to scrutinize their invoices and remain vigilant against unsolicited communications requesting payment or personal information.

The incident highlights the ongoing risk posed by zero-day exploits and underscores the importance of proactive vulnerability management and robust cybersecurity practices, particularly within healthcare organizations that handle sensitive patient data. The extensive list of organizations impacted by Clop demonstrates the breadth of this threat actor’s capabilities and the potential consequences of unpatched systems.