Overview
- Cl0p exploited CVE-2025-61882 in Oracle E‑Business Suite to access a Barts Health database, with Oracle now having corrected the flaw.
- The intrusion occurred in August and was identified in November when the files appeared on the group’s dark‑web leak site.
- Exposed data comprises invoices listing full names and addresses of people who paid for treatment, plus details of some former employees who owe money.
- Barts says the data does not provide direct account access but could be abused for fraud, and it has alerted NHS England, the NCSC, the Metropolitan Police and the ICO.
- No information has surfaced on the general internet, core clinical systems are unaffected, and the trust is coordinating with Barking, Havering and Redbridge over related accounting files.