Key Facts: Barts Health NHS Trust data breach and security incident overview
What happened in the Barts Health NHS Trust data breach?
On December 5, 2025, Barts Health NHS Trust disclosed a data breach involving the Clop ransomware group, which exploited a zero-day vulnerability in the organization's Oracle E-Business Suite software. According to the disclosure, the incident resulted in the theft of invoices containing full names and physical addresses of individuals who had paid for services at the hospital.
While the initial compromise occurred on July 31, 2025, and continued through August, the breach was not confirmed until November 2025 when the stolen data appeared on a dark web leak site. Barts Health NHS Trust has characterized the event as a significant security incident involving "data theft" rather than just encryption. In response to the leak, the trust is currently seeking a High Court order to prevent further publication or sharing of the stolen invoice data.
Who is behind the incident?
The attack has been attributed to Clop (also known as Cl0p), a sophisticated ransomware-as-a-service (RaaS) gang believed to be operating out of Russia. Active since 2019 and often linked to the TA505 cybercrime group, Clop is notorious for exploiting zero-day vulnerabilities in enterprise file transfer and management software (such as previous campaigns targeting MOVEit and Accellion). The group typically employs a "double extortion" tactic, where they not only encrypt systems but also steal sensitive data to threaten public release if a ransom is not paid.
Impact and risks for Barts Health NHS Trust customers
For patients and individuals associated with Barts Health NHS Trust, this breach presents specific privacy risks. The theft of invoices containing names and physical addresses creates a vector for targeted phishing attacks and identity fraud. While the report currently lists only names and addresses, the financial nature of "invoices" suggests a potential risk of billing fraud or social engineering scams where attackers might pose as hospital staff to demand payments.
In similar incidents where physical address data is exposed, victims have faced increased risks of mail fraud and highly personalized scam attempts. Barts Health NHS Trust has stated they are taking legal action to contain the data, but individuals should remain vigilant. Continued transparency from the organization regarding exactly which individuals were affected will be critical in mitigating downstream fraud risks.
How to protect against similar security incidents
- Maintain timely patching and vulnerability management: Ensure all internet-facing enterprise software (like Oracle E-Business Suite) is updated immediately when patches or vendor mitigations for zero-day flaws are released.
- Use unique passwords and enable multi-factor authentication: Protect all critical access points with MFA to prevent attackers from moving laterally even if they exploit a software vulnerability.
- Set up dark web and data leak monitoring: Implement automated detection to identify if your organization's credentials or proprietary data appear on underground leak sites early in the attack lifecycle.
Frequently Asked Questions
What happened in the Barts Health NHS Trust security breach?
On December 5, 2025, Barts Health NHS Trust disclosed a security breach. According to initial reports, Clop ransomware actors exploited a vulnerability in Oracle E-Business Suite software, leading to the theft of invoices containing full names and addresses.
When did the Barts Health NHS Trust breach occur?
The Barts Health NHS Trust breach was publicly reported on December 5, 2025. However, the incident occurred earlier, with the initial compromise traced back to July 31, 2025.
What data was exposed in the Barts Health NHS Trust incident?
The confirmed exposed data includes full names and physical addresses found on stolen invoices. Barts Health NHS Trust has not disclosed if other financial details were included in those invoices.
Is my personal information at risk?
If you paid for services at Barts Health NHS Trust prior to August 2025, there is a possibility your personal information is affected. While specific financial account numbers have not been confirmed as leaked, the exposure of names and addresses typically increases the risk of identity fraud.
How can I protect myself after a data breach?
Take these steps immediately after learning of a breach:
- Be cautious of phishing attempts that may reference the breach or unpaid bills.
- Monitor your financial statements and credit activity closely for unusual charges.
- Use breach monitoring tools to detect if your data appears on the dark web.





