Overview
- Barts Health is pursuing an urgent High Court order to ban the publication, use or sharing of the stolen files and has notified NHS England, the NCSC, the Metropolitan Police and the ICO.
- The exfiltrated data includes names and addresses tied to invoices for people who paid for services, records of former staff with outstanding amounts, supplier listings and accounting files for BHRUT dating from April 2024.
- Theft occurred in August and was discovered when files appeared on the dark web in November, with no material posted on the open internet and access limited to encrypted archives.
- The trust says electronic patient records, clinical systems and core IT infrastructure are unaffected, though it warns of heightened risks of identity fraud and targeted phishing.
- Researchers attribute the breach to Clop’s exploitation of Oracle E‑Business Suite CVE‑2025‑61882 since early August, a campaign affecting roughly 100 organizations before Oracle issued a fix on October 4.