Barts Health NHS Trust Takes Legal Action Over Stolen Patient Data
NHS Trust Sues Hackers After Patient Data Stolen

The Barts Health NHS Trust has launched urgent legal proceedings against a notorious cybercriminal gang after sensitive personal information belonging to patients and staff was stolen in a major data breach.

Details of the NHS Data Breach

The attack was carried out by the prolific international hacking group known as Cl0p. They exploited a vulnerability in the trust's automation software, which has since been fixed by the provider, Oracle. The criminals stole files from a database containing invoices and subsequently uploaded them to the dark web.

The compromised files included the names and addresses of individuals who were liable to pay for treatment or services at Barts Health hospitals over a period of several years. The trust also warned that personal details of former staff members who still owed money for salary sacrifice or overpayments may have been taken.

Timeline and Response to the Cyber Attack

Although the cyber attack itself took place in August 2025, the trust was not aware its data was at risk until November 2025, when the files appeared on the dark web. Barts Health is now seeking a High Court injunction to ban the publication, use, or sharing of the stolen data.

In an online statement, the trust said: “We are taking urgent action and seeking a High Court order to ban the publication, use or sharing of this data by anyone.” They confirmed that, so far, none of the data has been published on the general internet.

The trust is working closely with NHS England, the National Cyber Security Centre (NCSC), and the Metropolitan Police in response to the incident. They have advised any patients concerned about what personal information is at risk to review their invoices from past treatments.

Wider Impact and Apology

The breach has also impacted another NHS trust. The compromised database contained files relating to accounting services provided to the Barking, Havering and Redbridge University Hospitals NHS Trust since April 2024. Barts Health stated it is collaborating with them to minimise any harm.

Barts Health NHS Trust manages several major London hospitals, including:

  • St Bartholomew’s Hospital
  • The Royal London Hospital
  • Mile End Hospital
  • Whipps Cross Hospital
  • Newham Hospital

The trust issued an apology, stating: “We are very sorry that this has happened and are taking steps with our suppliers to ensure that it could not happen again.” They emphasised that while the stolen details did not allow direct access to bank accounts, criminals could potentially use the information to socially engineer victims or attempt fraudulent payments.