Barts Health NHS Confirms Data Breach Following Oracle Zero-Day Vulnerability Exploit

The Barts Health NHS Trust, which is among the largest healthcare providers in England, has announced a significant data breach that was a result of a critical zero-day flaw in its Oracle E-Business Suite software, which the Clop ransomware group exploited. They managed to take away the files containing sensitive data like that of patients and financial info.

What Data Was Stolen in the Barts Health Breach?

The database that was hacked contained a plethora of private information, including invoices spanning several years that indicate the full names and addresses of patients who had undergone treatments or received other services at Barts Health hospitals. Besides patient data, the compromised documents contained information on ex-employees who had financial obligations to the trust and information on suppliers that were already in the public domain.

Moreover, the breach impacted records of accounting services that Barts Health started providing to Barking, Havering, and Redbridge University Hospitals NHS Trust in April 2024. This signifies that the data leak not only affects Barts' internal processes but also has an impact on the operations of other NHS partner healthcare organizations.

Timeline of the Barts Health Oracle Zero-Day Attack

The month of the incident was August, however, it was not until November that Barts Health got to know about it when the stolen records were found on the dark web. The duration taken to identify the theft is a pointer to the seriousness of the zero-day vulnerability and to the complexity of the attack. Later, the Clop ransomware group released the stolen data by uploading it to their darknet leak portal which was open for everyone to access.

The Oracle EBS Zero-Day Vulnerability: CVE-2025-61882

Security experts disclosed the exploitation of a critical zero-day vulnerability found in Oracle EBS and identified as CVE-2025-61882. The vulnerability in question permitted the Clop ransomware group to carry out their activities attacking numerous enterprises in different countries since the beginning of August. Affected are those companies whose vital business operations heavily depend on Oracle E-Business Suite, as they could suffer intense security issues due to this vulnerability.

Other Major Organizations Affected by the Clop Ransomware Campaign

Apart from Barts Health, this zero-day exploit has also spread its impact to other organisations. The Clop ransomware gang has claimed that they have already struck big names such as Envoy Air, Harvard University, GlobalLogic, the Washington Post, Logitech, Dartmouth College, the University of Pennsylvania, and the University of Phoenix, thus confirming their attacks. The broad scope of their targeting reflects and underlines the severity, as well as the simplicity of the exploitation that the CVE-2025-61882 vulnerability offers.

Which NHS Hospitals Are Impacted?

Barts Health NHS Trust operates five major hospitals across London:

• Mile End Hospital

• Newham University Hospital

• Royal London Hospital

• St. Bartholomew's Hospital

• Whipps Cross University Hospital

Current Risk Assessment and Data Exposure

Barts Health says that the stolen information has not been made public on the internet. Only people who can get to the compressed files on the encrypted dark web are at risk of being exposed. This makes it a little less likely that a lot of people will see it right away, but the data is still at risk among dark web users and cybercriminal networks.

Barts Health's Response to the Data Breach

Barts Health has begun taking steps to ensure that it remains in the same place as before the hack. In addition, the institution is asking for a ruling from the High Court which would forbid the leaking, using, and sharing of the information. Such legal actions are always included in a typical response plan but are not less useful in case of leaking happening on the dark web where sometimes even tech experts cannot restore the situation and the response cannot be effective at all.

The NHS trust has informed the most important organizations about the attack such as the National Cyber Security Centre, Metropolitan Police, and the Information Commissioner's Office (ICO). This ensures that the incident will be completely monitored and investigated.

Reassurance on Clinical Systems and Patient Safety

Barts Health stated that the Clop attack did not affect its electronic patient record (EPR) systems or the clinical infrastructure. The organization continues to hold great confidence in the safety and efficacy of its main IT infrastructure, which would then allow the patient care systems and clinical operations to run smoothly without any problems.

What Patients Should Do Following the Barts Health Data Breach

Patients that have spent money for their treatment at Barts Health must take necessary precautions to guard themselves:

• Minor mistakes on the invoices can result in the exposure of personal data, thus it is important to scrutinize every detail of the bill from the hospital.

• Messages that one did not expect to receive, particularly those which request payment or private data, should be watched out for.

• In the midst of data breaches, phishing and social engineering attacks are common, hence, people should be concerned about this and always verify if the communication is genuine.

• If you are anxious about losing your money, you might want to consider implementing fraud alerts or signing up for credit monitoring services.

The Broader Implications of the Oracle Zero-Day Threat

The vulnerability, CVE-2025-61882, is a clear indicator of the serious security issues that healthcare institutions and other companies using legacy enterprise software still face. The long period between the initial exploit in August and the detection in November illustrates the difficult task of identifying advanced ransomware activities in intricate medical IT systems.

To avoid such occurrences in the future, firms employing Oracle E-Business Suite should prioritize security patching as their main concern and enhance monitoring for unusual data access patterns.