Article Details

Scrape Timestamp (UTC): 2025-12-08 11:17:21.821

Source: https://www.theregister.com/2025/12/08/barts_health_clop_block/

Original Article Text

Barts Health seeks High Court block after Clop pillages NHS trust data

Body confirms patient and staff details siphoned via Oracle EBS flaw as gang threatens to leak haul.

Barts Health NHS Trust has confirmed that patient and staff data was stolen in Clop's mass-exploitation of Oracle's E-Business Suite (EBS), and says it is now taking legal action in an effort to stop the gang publishing any of the snatched information.

The UK's largest NHS trust, which runs five major hospitals across London, said in a statement that an investigation had identified evidence of data exfiltration following Clop's raid on vulnerable EBS systems earlier this year.

Barts said the stolen data includes the names and addresses of individuals who were liable to pay for treatment or services at a Barts Health hospital over several years, along with the personal details of some former staffers who left employment owing to the trust for salary sacrifice or overpayment.

"Almost half of the potentially compromised files list suppliers of goods or services whose details are in the public domain," Barts added, noting that in addition to the trust's own files, the compromised database also held documents tied to accounting services the trust has provided to Barking, Havering, and Redbridge University Hospitals NHS Trust since April 2024.

The trust said it is taking legal action in a bid to block the publication of the stolen files, saying: "We are taking urgent action and seeking a High Court order to ban the publication, use or sharing of this data by anyone."

"The theft occurred in August, but there was no indication that trust data was at risk until November when the files were posted on the dark web," said Barts. "To date no information has been published on the general internet, and the risk is limited to those able to access compressed files on the encrypted dark web."

Clop has spent much of 2025 monetizing a critical flaw in Oracle EBS that allowed unauthenticated data theft from unpatched systems. The Register first reported the NHS fallout last month, when the healthcare service confirmed it was investigating claims of a cyberattack by the Russia-linked extortion crew.

Barts is now one of the highest-profile victims to confirm data exfiltration, joining a growing list of public bodies, universities, and other organizations caught in the blast radius. Last week, the University of Pennsylvania disclosed it was also compromised in the same Clop spree, telling regulators it had evidence that personal data had been siphoned during attacks on its Oracle estate.

Clop's operation has been unusually brazen even by ransomware gang standards. In November, the crew boasted of breaching dozens of Oracle EBS environments worldwide and claimed to have gathered a grab-bag of vendor records, internal financial documents, HR data, contracts, and other sensitive datasets.

According to researchers, the crew has been raiding Oracle EBS installations since early August, long before the database giant rushed out a fix for the vulnerability, tracked as CVE-2025-61882, on October 4.

Barts says it is working with NHS England, the National Cyber Security Centre, and the Metropolitan Police as the investigation continues. The trust says its electronic patient record and clinical systems "are not affected" and that its core IT infrastructure remains secure, but it has not yet said how many people are impacted.

It now falls to the High Court to decide whether Barts can keep a lid on the stolen haul. However, with Clop already crowing about dumping NHS files on its dark web billboard, and injunctions rarely causing trouble for a ransomware crew intent on proving it has the goods, the odds aren't exactly stacked in the trust's favor.

Daily Brief Summary

DATA BREACH // Barts Health NHS Trust Seeks Court Order to Block Data Leak

Barts Health NHS Trust confirmed a data breach involving patient and staff information due to Clop's exploitation of an Oracle E-Business Suite vulnerability.

The breach impacted individuals liable for treatment payments and former staff with salary-related issues, alongside supplier details in the public domain.

The trust is pursuing a High Court order to prevent the publication of stolen data, which Clop has threatened to release on the dark web.

The breach was linked to a critical Oracle EBS flaw, CVE-2025-61882, exploited by Clop since August 2025, before Oracle's patch release in October.

Barts Health is collaborating with NHS England, the National Cyber Security Centre, and law enforcement to address the breach and secure its systems.

Despite the breach, Barts Health reports that its electronic patient record and core IT systems remain unaffected and secure.

The incident adds Barts Health to a list of high-profile victims, including the University of Pennsylvania, affected by Clop's widespread Oracle EBS attacks.