BARTS HEALTH NHS TRUST

Barts to take legal action over cyberattack

By Liz Wells 09 December 2025

Barts Health NHS Trust is taking legal action in an effort to stop criminal gang Cl0p publishing any of the patient and staff data stolen in ‘mass-exploitation’ of Oracle's E-Business Suite (EBS),

Barts to take legal action over cyberattack

Cl0p exploited a loophole in the Oracle E-business Suite software, which automates key business processes, and stole some files from a database containing invoices and posted them on the dark web. Oracle has since corrected the issue.

The stolen files include names and addresses of individuals who were liable to pay for treatment or services at a Barts Health hospital over several years.

Some former staff members are also listed because they left employment owing the trust for salary sacrifice or overpayment. Almost half of the potentially compromised files list suppliers of goods or services whose details are in the public domain.

The database also includes files relating to accounting services the trust provided since April 2024 to Barking, Havering and Redbridge University Hospitals NHS Trust.

The trust is taking urgent action and seeking a High Court order to ban the publication, use or sharing of this data by anyone.

It is also working with NHS England, the National Cyber Security Centre, and the Metropolitan Police, and reported the breach to relevant regulators including the Information Commissioner's Office.

The trust's electronic patient record and clinical systems are not affected, and it is 'confident' that its core IT infrastructure is secure.

Barts Health NHS Trust said: ‘The theft occurred in August but there was no indication trust data was at risk until November when the files were posted on the dark web. To date no information has been published on the general internet, and the risk is limited to those able to access compressed files on the encrypted dark web.

‘These details do not allow direct access to your accounts but could be used by criminals to trick you into sharing sensitive information or making payments. If you have any concerns or questions, please contact the trust data protection officer. For help on protecting your data, visit Stop! Think Fraud - How to stay safe from scams.

‘We are very sorry that this has happened and are taking steps with our suppliers to ensure that it could not happen again.'

Tags

Popular articles by Liz Wells

  1. NHS Fife 'harassed' nurse in trans changing room row, tribunal rules
  2. NHS Supply Chain to supply 28 cutting-edge radiotherapy machines in 2025/26
  3. South East London ICB selects chief nursing officer
  4. Industrial action at Bassetlaw Hospital set to continue

Related Articles

DHSC
Initial maternity review impressions 'much worse than anticipated'

Initial maternity review impressions 'much worse than anticipated'

By Lee Peart 09 December 2025

Baroness Amos, chair of the independent National Maternity and Neonatal Investigation, has said her initial impressions are ‘much worse than I anticipated’.

REGULATION

Resident doctors relocated over culture, education and training concerns

By Lee Peart 09 December 2025

NHSE has relocated resident doctors at Basildon University Hospital following a review that revealed ‘multiple significant patient safety concerns’ and areas...

WORKFORCE

Industrial action at Bassetlaw Hospital set to continue

By Liz Wells 08 December 2025

Strike action by intensive care nurses at Bassetlaw Hospital is set to escalate across December.

Popular articles by Liz Wells

  1. NHS Fife 'harassed' nurse in trans changing room row, tribunal rules
  2. NHS Supply Chain to supply 28 cutting-edge radiotherapy machines in 2025/26
  3. South East London ICB selects chief nursing officer
  4. Industrial action at Bassetlaw Hospital set to continue