BARTS HEALTH NHS TRUST

Barts to take legal action over cyberattack

By Liz Wells 09 December 2025

Barts Health NHS Trust is taking legal action in an effort to stop criminal gang Cl0p publishing any of the patient and staff data stolen in ‘mass-exploitation’ of Oracle's E-Business Suite (EBS).

Barts to take legal action over cyberattack

Cl0p exploited a loophole in the Oracle E-business Suite software, which automates key business processes, and stole some files from a database containing invoices and posted them on the dark web. Oracle has since corrected the issue.

The stolen files include names and addresses of individuals who were liable to pay for treatment or services at a Barts Health hospital over several years.

Some former staff members are also listed because they left employment owing the trust for salary sacrifice or overpayment. Almost half of the potentially compromised files list suppliers of goods or services whose details are in the public domain.

The database also includes files relating to accounting services the trust provided since April 2024 to Barking, Havering and Redbridge University Hospitals NHS Trust.

The trust is taking urgent action and seeking a High Court order to ban the publication, use or sharing of this data by anyone.

It is also working with NHS England, the National Cyber Security Centre, and the Metropolitan Police, and reported the breach to relevant regulators including the Information Commissioner's Office.

The trust's electronic patient record and clinical systems are not affected, and it is 'confident' that its core IT infrastructure is secure.

Barts Health NHS Trust said: ‘The theft occurred in August but there was no indication trust data was at risk until November when the files were posted on the dark web. To date no information has been published on the general internet, and the risk is limited to those able to access compressed files on the encrypted dark web.

‘These details do not allow direct access to your accounts but could be used by criminals to trick you into sharing sensitive information or making payments. If you have any concerns or questions, please contact the trust data protection officer. For help on protecting your data, visit Stop! Think Fraud - How to stay safe from scams.

‘We are very sorry that this has happened and are taking steps with our suppliers to ensure that it could not happen again.'

Tags

Popular articles by Liz Wells

  1. Government must act on pay for 'neglected' NHS staff groups
  2. NHS England job cuts to hit women and BAME workers hardest, claims union
  3. BMA to ballot senior doctors in England for industrial action
  4. Humber Health Partnership wins funding for emergency vehicle charging facilities

Related Articles

MATERNITY
Family of girl who suffered severe brain injury at birth receive £28m in damages

Family of girl who suffered severe brain injury at birth receive £28m in damages

By Lee Peart 08 June 2026

The family of a girl who suffered severe brain injury at birth have received £28m in damages from Barking, Havering and Redbridge University Hospitals NHS Tr...

WORKFORCE

Operating theatre staff to strike over overtime pay cut

By Lee Peart 08 June 2026

Operating theatre staff at Bedfordshire Hospitals NHS Foundation Trust have voted to strike over a cut in overtime payments.

REGULATION

Oxford University Hospitals maternity care rated good

By Lee Peart 08 June 2026

Horton General Hospital and John Radcliffe Hospital have been rated good for maternity care.

Popular articles by Liz Wells

  1. Government must act on pay for 'neglected' NHS staff groups
  2. NHS England job cuts to hit women and BAME workers hardest, claims union
  3. BMA to ballot senior doctors in England for industrial action
  4. Humber Health Partnership wins funding for emergency vehicle charging facilities