Particle.news

Barts Health Seeks Court Order After Cl0p Posts Stolen NHS Invoice Files on Dark Web Site

The trust says clinical systems were unaffected after criminals exploited an Oracle software flaw.

Overview

  • The stolen files consist of multi‑year invoices exposing full names and addresses of people billed for treatment or services, plus some former staff debt records and supplier details.
  • Barts says the theft occurred in August and was only identified in November when the data appeared on Cl0p’s leak portal, with no publication on the general internet reported to date.
  • Investigators link the breach to exploitation of an Oracle E‑Business Suite zero‑day tracked as CVE‑2025‑61882, which Oracle has since patched.
  • The compromised database also held accounting files tied to services Barts provided to Barking, Havering and Redbridge University Hospitals NHS Trust since April 2024.
  • The trust has notified NHS England, the NCSC, the Metropolitan Police and the ICO, and it advises billed patients to review invoices and stay alert for fraud or phishing attempts.