BARTS HEALTH NHS TRUST

Barts to take legal action over cyberattack

By Liz Wells 09 December 2025

Barts Health NHS Trust is taking legal action in an effort to stop criminal gang Cl0p publishing any of the patient and staff data stolen in ‘mass-exploitation’ of Oracle's E-Business Suite (EBS).

Barts to take legal action over cyberattack

Cl0p exploited a loophole in the Oracle E-business Suite software, which automates key business processes, and stole some files from a database containing invoices and posted them on the dark web. Oracle has since corrected the issue.

The stolen files include names and addresses of individuals who were liable to pay for treatment or services at a Barts Health hospital over several years.

Some former staff members are also listed because they left employment owing the trust for salary sacrifice or overpayment. Almost half of the potentially compromised files list suppliers of goods or services whose details are in the public domain.

The database also includes files relating to accounting services the trust provided since April 2024 to Barking, Havering and Redbridge University Hospitals NHS Trust.

The trust is taking urgent action and seeking a High Court order to ban the publication, use or sharing of this data by anyone.

It is also working with NHS England, the National Cyber Security Centre, and the Metropolitan Police, and reported the breach to relevant regulators including the Information Commissioner's Office.

The trust's electronic patient record and clinical systems are not affected, and it is 'confident' that its core IT infrastructure is secure.

Barts Health NHS Trust said: ‘The theft occurred in August but there was no indication trust data was at risk until November when the files were posted on the dark web. To date no information has been published on the general internet, and the risk is limited to those able to access compressed files on the encrypted dark web.

‘These details do not allow direct access to your accounts but could be used by criminals to trick you into sharing sensitive information or making payments. If you have any concerns or questions, please contact the trust data protection officer. For help on protecting your data, visit Stop! Think Fraud - How to stay safe from scams.

‘We are very sorry that this has happened and are taking steps with our suppliers to ensure that it could not happen again.'

Tags

Popular articles by Liz Wells

  1. Doncaster and Bassetlaw Teaching Hospitals selects new non-executive director
  2. Waiting list and longest waits down in Wales
  3. Trusts admit failing to assess impact of DHSC directive to cut agency staff
  4. Laws to speed up fitness to practise cases and rename PAs due this year

Related Articles

WORKFORCE
Damning report highlights failings of NHS subsidiary companies

Damning report highlights failings of NHS subsidiary companies

By Liz Wells 21 January 2026

Subsidiary companies (subcos) are failing to generate new business or income for the NHS, a new report finds.

DHSC

'Horrifying' rise in one- to three-day A&E waits for over 65s

By Lee Peart 21 January 2026

Shocking analysis by Age UK has revealed over 100,000 instances of over 65s waiting between 24 hours and 72 hours in A&E.

SCOTTISH GOVERNMENT

Scottish Government to invest over £2.4m to tackle gynaecological waiting times

By Liz Wells 21 January 2026

The Scottish Government has unveiled new plans to eliminate cervical cancer by 2040 and transform gynaecology services as part of the second phase of the Wom...

Popular articles by Liz Wells

  1. Doncaster and Bassetlaw Teaching Hospitals selects new non-executive director
  2. Waiting list and longest waits down in Wales
  3. Trusts admit failing to assess impact of DHSC directive to cut agency staff
  4. Laws to speed up fitness to practise cases and rename PAs due this year