NHS taking legal action after patient and staff data stolen in cyber attack
Barts Health NHS Trust is taking legal action against a criminal group following the theft of patient and staff data held by the trust.
The group known as Cl0p stole files from the database containing the invoices and uploaded them to the dark web.
The files contained the names and addresses of many people who were required to pay for treatment or services at Barts Health hospital over several years.
In an online statement, the Foundation said: “We are taking urgent action and are seeking a High Court order to prohibit the publication, use or sharing of this data by anyone.”
Cl0p is a prolific cybercriminal organization that has become a major cybersecurity threat worldwide.
The information obtained does not allow direct access to accounts, but criminals can use the data to obtain sensitive information or make payments against that person, the foundation said.
The criminal group found a loophole in the foundation’s automation software, which the company responsible, Oracle, later fixed.
The trust said personal information of former staff who were still owed money due to salary sacrifice or overpayment may also have been taken.
Patients who wanted to know what personal information was at risk were advised to review their bills after receiving treatment.
The cyberattack took place in August, but the foundation was not aware its data was at risk until November, when the files were published on the dark web.
So far no data has been published on the public internet.
The Foundation is working with NHS England, the National Cyber Security Center and the Metropolitan Police.
The database also included files relating to accounting services provided to Barking, Havering and Redbridge University Hospitals NHS Trust since April 2024. The foundation said it was working with them to minimize the damage.
Barts Health hospitals include St Bartholomew’s Hospital, Royal London Hospital, Mile End hospital, Whipps cross hospital and Newham hospital.
“We are very sorry that this has happened and are taking steps with our suppliers to ensure this does not happen again,” the trust said.
.png?trim=0,0,0,0&width=1200&height=800&crop=1200:800&w=390&resize=390,220&ssl=1 "Afghans brought to safety in UK have personal details leaked in fresh Ministry of Defence breach")