BARTS HEALTH NHS TRUST

Barts to take legal action over cyberattack

By Liz Wells 09 December 2025

Barts Health NHS Trust is taking legal action in an effort to stop criminal gang Cl0p publishing any of the patient and staff data stolen in ‘mass-exploitation’ of Oracle's E-Business Suite (EBS).

Barts to take legal action over cyberattack

Cl0p exploited a loophole in the Oracle E-business Suite software, which automates key business processes, and stole some files from a database containing invoices and posted them on the dark web. Oracle has since corrected the issue.

The stolen files include names and addresses of individuals who were liable to pay for treatment or services at a Barts Health hospital over several years.

Some former staff members are also listed because they left employment owing the trust for salary sacrifice or overpayment. Almost half of the potentially compromised files list suppliers of goods or services whose details are in the public domain.

The database also includes files relating to accounting services the trust provided since April 2024 to Barking, Havering and Redbridge University Hospitals NHS Trust.

The trust is taking urgent action and seeking a High Court order to ban the publication, use or sharing of this data by anyone.

It is also working with NHS England, the National Cyber Security Centre, and the Metropolitan Police, and reported the breach to relevant regulators including the Information Commissioner's Office.

The trust's electronic patient record and clinical systems are not affected, and it is 'confident' that its core IT infrastructure is secure.

Barts Health NHS Trust said: ‘The theft occurred in August but there was no indication trust data was at risk until November when the files were posted on the dark web. To date no information has been published on the general internet, and the risk is limited to those able to access compressed files on the encrypted dark web.

‘These details do not allow direct access to your accounts but could be used by criminals to trick you into sharing sensitive information or making payments. If you have any concerns or questions, please contact the trust data protection officer. For help on protecting your data, visit Stop! Think Fraud - How to stay safe from scams.

‘We are very sorry that this has happened and are taking steps with our suppliers to ensure that it could not happen again.'

Tags

Popular articles by Liz Wells

  1. Member appointed to NHS Tayside board
  2. Aneurin Bevan University Health Board welcomes new chair
  3. Government boosts nursing funding for better community care
  4. Buckinghamshire Healthcare confirms substantive appointment

Related Articles

PREVENTION
BREAKING NEWS: Health leaders brief London Assembly on measles outbreak response

BREAKING NEWS: Health leaders brief London Assembly on measles outbreak response

By Lee Peart 09 March 2026

Health leaders from the NHS, UK Health Security Agency (UKHSA) and local councils today briefed the London Assembly on how their response to a current measle...

PUBLIC HEALTH

Embedding a research culture within healthcare organisations: Why and how?

By Lee Peart 09 March 2026

Embedding a research culture within healthcare organisations: Why and how?

INTEGRATED CARE

NHS England confirms commissioning transfer delay to ICBs

By Lee Peart 09 March 2026

NHS England has confirmed a one-year delay in the transfer of some commissioning functions to ICBs to April 2027.

Popular articles by Liz Wells

  1. Member appointed to NHS Tayside board
  2. Aneurin Bevan University Health Board welcomes new chair
  3. Government boosts nursing funding for better community care
  4. Buckinghamshire Healthcare confirms substantive appointment