NHS taking legal action after patient and staff data stolen in cyber attack

https://static.independent.co.uk/2025/04/28/18/12/nhs-logo-building-stock.jpeg?width=1200&auto=webp&trim=0%2C108%2C0%2C107

Barts Health NHS Trust is taking legal action against a criminal group after patient and staff data held by the trust was stolen.

The group, known as Cl0p, stole files from the database containing invoices and uploaded them to the dark web.

The files included the names and addresses of several people who were liable to pay for treatment or services at a Barts Health hospital over several years.

In a statement online, the trust said: “We are taking urgent action and seeking a High Court order to ban the publication, use or sharing of this data by anyone.”

The data was stolen by Cl0P which targets major organisations around the world (Getty)

Cl0p is a prolific cybercriminal organisation, which has become a major cybersecurity threat across the world.

The trust said that while the details taken did not allow direct access to accounts, criminals could use the data against that person to obtain sensitive information or make payments.

The criminal group found a loophole in the trust’s automation software, which Oracle, the company responsible, has since corrected.

The personal information of former staff members who still owe money for salary sacrifice or overpayment could also have been taken, the trust said.

Any patients who want to know what personal information is at risk have been advised to review their invoices after receiving treatment.

Some data from Barking, Havering and Redbridge University Hospitals NHS Trusts may also have been compromised (PA Archive)

The cyber attack took place in August, but the trust was unaware its data was at risk until November, when the files were posted on the dark web.

So far, no data has been published on the general internet.

The trust is working with NHS England, the National Cyber Security Centre, and the Metropolitan Police.

The database also contained files relating to accounting services provided to Barking, Havering and Redbridge University Hospitals NHS Trust since April 2024. The trust said it was working with them to minimise harm.

Barts Health hospitals include St Bartholomew’s Hospital, the Royal London Hospital, Mile End hospital, Whipps cross hospital, and Newham hospital.

“We are very sorry that this has happened and are taking steps with our suppliers to ensure that it could not happen again,” the trust said.

NHS taking legal action after patient and staff data stolen in cyber attack

Friends will be on HBO Max for UK launch after leaving Netflix

This is the end of Eurovision

Madness live was like pub karaoke

Mohamed Salah scores as Liverpool unleash £270m new signings against Athletic

Tuesday’s briefing: Alexander Isak back in Toon as Liverpool parade new signings

Emma Raducanu adds Rafael Nadal’s former coach Francis Roig to team full-time

African nation plans to reintroduce death penalty for serious crimes

NHS taking legal action after patient and staff data stolen in cyber attack

Fox News’ Laura Ingraham insists that calling ICE agents ‘thugs’ is ‘borderline illegal’

Illegal drone shot down at nuclear submarine base

Pipe bomb suspect believed in 2020 election conspiracies, reports say, as new details about his background are revealed

Putin deepens economic ties with India after Modi talks risks reigniting row with Trump

Newsom’s trolling of Trump mocks his ‘Walk of Fame’ with pictures of sleepy president

Young woman narrowly avoids being snatched by masked men in Louisiana – turns out it’s ICE

Young people are turning on Trump, new poll shows

Trump joined by daughter Tiffany as FIFA awards him ‘peace prize’ ahead of World Cup draw: Live updates