A leading NHS trust has become the latest organization to notify about a data breach linked to its use of Oracle E-business Suite (EBS).
Barts Health said in an update on Friday that it is seeking a High Court order to prevent the sharing, publication or use of the breached data.
“A criminal group known as Cl0p stole some files from a database containing invoices and posted them on the dark web. The stolen files include names and addresses of individuals who were liable to pay for treatment or services at a Barts Health hospital over several years,” it explained.
“We are working with NHS England, the National Cyber Security Centre, and the Metropolitan Police, and reported the breach to relevant regulators including the Information Commissioner’s Office.”
Read more on Oracle EBS breach: GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack
The trust’s electronic patient records, clinical systems and core IT infrastructure are unaffected by the breach, although those affected could include suppliers, former employees and patients at other hospitals.
“Some former staff members are also listed because they left employment owing the trust for salary sacrifice or overpayment. Almost half of the potentially compromised files list suppliers of goods or services whose details are in the public domain,” the notice continued.
“The database also includes files relating to accounting services we provided since April 2024 to Barking, Havering and Redbridge University Hospi
Source: https://www.infosecurity-magazine.com/news/barts-health-high-court-ban-oracle/
Barts Health NHS Trust cybersecurity rating report: https://www.rankiteo.com/company/barts-health-nhs-trust
"id": "BAR1765187700",
"linkid": "barts-health-nhs-trust",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Suppliers, former '
'employees, '
'patients at other '
'hospitals, '
'individuals liable '
'for payment',
'industry': 'Healthcare',
'location': 'United Kingdom',
'name': 'Barts Health NHS Trust',
'size': None,
'type': 'Healthcare Trust'},
{'customers_affected': None,
'industry': 'Healthcare',
'location': 'United Kingdom',
'name': 'Barking, Havering and Redbridge '
'University Hospitals',
'size': None,
'type': 'Healthcare Trust'}],
'attack_vector': 'Exploitation of Oracle E-business Suite (EBS)',
'customer_advisories': 'Public notice issued',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes',
'file_types_exposed': ['Invoices'],
'number_of_records_exposed': None,
'personally_identifiable_information': 'Names, '
'addresses',
'sensitivity_of_data': 'High (personally '
'identifiable '
'information)',
'type_of_data_compromised': 'Personal and '
'financial '
'information (names, '
'addresses, '
'invoices)'},
'description': 'A leading NHS trust notified about a data breach '
'linked to its use of Oracle E-business Suite '
'(EBS). The criminal group Cl0p stole files '
'containing invoices and posted them on the dark '
'web. The stolen files include names and '
'addresses of individuals liable for payment for '
'treatment or services at Barts Health hospitals '
'over several years.',
'impact': {'brand_reputation_impact': 'Potential reputational '
'damage',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Names and addresses of '
'individuals liable for payment, '
'supplier details, former '
'employee details',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'Oracle E-business Suite (EBS) '
'database'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': 'Yes',
'entry_point': 'Oracle E-business '
'Suite (EBS)',
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'motivation': 'Data exfiltration and extortion',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': 'Yes',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Barts Health NHS Trust Notice',
'url': None},
{'date_accessed': None,
'source': 'GlobalLogic Oracle EBS Breach Report',
'url': 'https://example.com/oracle-ebs-breach'}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'High Court order '
'sought',
'regulations_violated': ['UK Data '
'Protection '
'Act',
'GDPR'],
'regulatory_notifications': 'Information '
'Commissioner’s '
'Office '
'(ICO)'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Public notice and High '
'Court order sought to '
'prevent data sharing',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': 'Yes',
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': 'NHS England, National '
'Cyber Security Centre, '
'Metropolitan Police'},
'threat_actor': 'Cl0p',
'title': 'Barts Health NHS Trust Data Breach Linked to Oracle '
'EBS',
'type': 'Data Breach',
'vulnerability_exploited': 'Oracle EBS vulnerability'}