Barts Health NHS Trust experienced a data breach where Clop ransomware actors stole sensitive files by exploiting a critical Oracle E-Business Suite vulnerability. The stolen data includes personal information of patients, former employees, and suppliers, with the breach now exposed on the dark web. #Clop #OracleCVE-2025-61882
Keypoints
- The Clop ransomware gang exploited a zero-day vulnerability in Oracle EBS (CVE-2025-61882) to steal data from Barts Health NHS Trust.
- The breach involved sensitive information such as full names, addresses, and payment details of patients and former staff.
- The stolen data was leaked on the dark web, though the organization reports limited risk to the public internet.
- Barts Health NHS Trust has alerted authorities including the ICO, Metropolitan Police, and National Cyber Security Centre.
- The attack did not impact electronic patient records or clinical systems, maintaining the core IT infrastructureโs security.