Barts Health NHS discloses data breach after Oracle zero-day hack

Barts Health NHS Trust, a big UK hospital operator, just fessed up to a data breach where the Clop ransomware gang exploited a nasty zero-day flaw in Oracle’s E-business Suite (CVE-2025-61882) to swipe sensitive files, including patient invoices with full names and addresses from as far back as several years ago, plus details on former staff and suppliers. This mess also spilled over to affect accounting data for another NHS trust, Barking, Havering, and Redbridge, which got dragged into the chaos via shared services. While Barts claims their core patient systems are untouched and they’re scrambling for a High Court injunction to block further leaks, this incident highlights how Clop’s global rampage has hit everyone from airlines to universities, underscoring the perils of unpatched vulnerabilities. For SMBs and MSPs juggling similar tech stacks, this is a stark reminder to prioritize regular vulnerability scans and IAM hygiene to avoid becoming the next easy target—don’t wait for hackers to play doctor with your data. Oh, and if you’re a affected patient, keep a sharp eye on your inbox for phishing scams; better yet, treat every unsolicited message like it’s from a dodgy relative asking for crypto.

Source: https://www.bleepingcomputer.com/news/security/barts-health-nhs-discloses-data-breach-after-oracle-zero-day-hack/