A criminal group known as Cl0p stole files from a Barts Health NHS Trust database
Personal patient and staff information has been posted on the dark web after hackers exploited a software vulnerability at Barts Health NHS Trust.
The criminal group, known as Cl0p, stole files from the trust’s database in August 2025, including names, addresses, and invoices of patients and staff who had paid for treatment or services over several years.
It also included files relating to accounting services provided since April 2024 to Barking, Havering and Redbridge University Hospitals NHS Trust.
In a statement, Barts Health said that its electronic patient record and clinical systems have not been affected by the attack and it is “confident” that its core IT infrastructure is secure.
“We are taking urgent action and seeking a High Court order to ban the publication, use or sharing of this data by anyone.
“The syndicate exploited a loophole in the Oracle E-business Suite software, which automates key business processes. This impacted many organisations across the world, and Oracle has since corrected the issue.
“We are working with NHS England, the National Cyber Security Centre, and the Metropolitan Police, and reported the breach to relevant regulators including the Information Commissioner’s Office,” the trust said.
It added that there was no indication that trust data was at risk until November when the files were posted online.
“To date no information has been published on the general internet, and the risk is limited to those able to access compressed files on the encrypted dark web,” the trust said.
It added that it is “taking steps with our suppliers to ensure that it could not happen again”.
Digital Health News contacted Oracle for comment.
Commenting on the incident, cyber security expert Saif Abed, founding partner at the AbedGraham Group, said: “Trusts are overwhelmingly being compromised because of their vulnerable supply chains.
“This can yield access to highly valuable data to be traded by cybercrime gangs. Whether that’s admin credentials to facilitate ransomware attacks or personal information to drive fraud and extortion, it can all be very lucrative.
“The NHS’s track record of being successfully targeted time and time again, which is publicly known, makes it an obvious target.
“The fact that it is a part of national critical infrastructure makes it increasingly a geopolitical target too.
“Government needs to enforce the UK Cyber Security and Resilience Bill as soon as possible to make sure suppliers to the NHS are fit for purpose when it comes to cyber-resiliency.”
Barts Health was previously affected by a cyber incident in July 2023, when it appeared on the dark web victim blog of Russian ransomware gang BlackCat, which claimed to have stolen more than seven terabytes of sensitive data.
In November 2024, Barts Health rolled out a healthcare-focused cyber security platform from Cynerio across all of its sites to strengthen its defences against the threat of cyber attacks.
Meanwhile, pathology supplier Synnovis is contacting NHS organisations which had data stolen and published online following a major cyber attack in June 2024, which led to a patient death and disrupted services throughout London.