Barts Health NHS Trust: Patient and staff data impacted by Cl0p ransomware attack on Barts Health NHS

Barts Health NHS Trust confirmed Cl0p ransomware exploited Oracle E-Business Suite, stealing invoice-related data

Exposed info includes names, addresses, and patient and former staff records

Trust says systems remain secure, seeks High Court order to block data use

Barts Health NHS Trust is the latest organization to confirm it has suffered a ransomware attack through the Oracle E-Business Suite vulnerability.

In a data breach notification letter posted late last week, the organization said that the infamous ransomware group Cl0p used the E-Business Suite bug in August to breach IT infrastructure and access a database “containing invoices”.

The breach wasn’t spotted until recently, when Cl0p published the stolen data on the dark web. That data, according to the Trust, includes people’s names and addresses, as well as data “relating to accounting services provided since April 2024 to Barking, Havering and Redbridge University Hospitals NHS Trust”.

Urgent action

Patients and former staff members seem to be among those affected, but it's not yet known exactly how many individuals have had their data stolen. Barts says its electronic patient record and clinical systems were not af

Source: https://www.techradar.com/pro/security/patient-and-staff-data-impacted-by-cl0p-ransomware-attack-on-barts-health-nhs

Barts Health NHS Trust cybersecurity rating report: https://www.rankiteo.com/company/barts-health-nhs-trust

"id": "BAR1765216474",
"linkid": "barts-health-nhs-trust",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Patients and '
                                                           'former staff '
                                                           'members',
                                     'industry': 'Healthcare',
                                     'location': 'United Kingdom',
                                     'name': 'Barts Health NHS Trust',
                                     'size': None,
                                     'type': 'Healthcare'}],
              'attack_vector': 'Exploitation of Oracle E-Business Suite '
                               'vulnerability',
              'customer_advisories': 'Data breach notification letter posted '
                                     'to affected individuals',
              'data_breach': {'data_encryption': None,
                              'data_exfiltration': 'Yes',
                              'file_types_exposed': None,
                              'number_of_records_exposed': None,
                              'personally_identifiable_information': 'Yes',
                              'sensitivity_of_data': 'High',
                              'type_of_data_compromised': ['Invoice-related '
                                                           'data',
                                                           'Names',
                                                           'Addresses',
                                                           'Patient records',
                                                           'Former staff '
                                                           'records']},
              'description': 'Barts Health NHS Trust confirmed that the Cl0p '
                             'ransomware group exploited a vulnerability in '
                             'Oracle E-Business Suite to steal invoice-related '
                             'data, including names, addresses, and records of '
                             'patients and former staff. The breach was '
                             'detected after Cl0p published the stolen data on '
                             'the dark web. The Trust asserts that its systems '
                             'remain secure and is seeking a High Court order '
                             'to block the use of the stolen data.',
              'impact': {'brand_reputation_impact': None,
                         'conversion_rate_impact': None,
                         'customer_complaints': None,
                         'data_compromised': 'Invoice-related data, names, '
                                             'addresses, patient and former '
                                             'staff records',
                         'downtime': None,
                         'financial_loss': None,
                         'identity_theft_risk': 'High',
                         'legal_liabilities': None,
                         'operational_impact': None,
                         'payment_information_risk': None,
                         'revenue_loss': None,
                         'systems_affected': 'Database containing invoices'},
              'initial_access_broker': {'backdoors_established': None,
                                        'data_sold_on_dark_web': None,
                                        'entry_point': 'Oracle E-Business '
                                                       'Suite vulnerability',
                                        'high_value_targets': None,
                                        'reconnaissance_period': None},
              'post_incident_analysis': {'corrective_actions': None,
                                         'root_causes': 'Exploitation of '
                                                        'Oracle E-Business '
                                                        'Suite vulnerability'},
              'ransomware': {'data_encryption': None,
                             'data_exfiltration': 'Yes',
                             'ransom_demanded': None,
                             'ransom_paid': None,
                             'ransomware_strain': 'Cl0p'},
              'references': [{'date_accessed': None,
                              'source': 'Data breach notification letter',
                              'url': None}],
              'regulatory_compliance': {'fines_imposed': None,
                                        'legal_actions': 'Seeking High Court '
                                                         'order to block data '
                                                         'use',
                                        'regulations_violated': None,
                                        'regulatory_notifications': None},
              'response': {'adaptive_behavioral_waf': None,
                           'communication_strategy': 'Data breach notification '
                                                     'letter posted',
                           'containment_measures': None,
                           'enhanced_monitoring': None,
                           'incident_response_plan_activated': None,
                           'law_enforcement_notified': None,
                           'network_segmentation': None,
                           'on_demand_scrubbing_services': None,
                           'recovery_measures': None,
                           'remediation_measures': None,
                           'third_party_assistance': None},
              'threat_actor': 'Cl0p',
              'title': 'Cl0p Ransomware Exploits Oracle E-Business Suite at '
                       'Barts Health NHS Trust',
              'type': 'Ransomware',
              'vulnerability_exploited': 'Oracle E-Business Suite '
                                         'vulnerability'}