Fraud Management & Cybercrime,
Geo Focus: The United Kingdom,
Geo-Specific
Clop Ransomware Group Targets NHS Barts Health in August
The U.K. High Court is being petitioned by NHS Barts Health to prevent a potential data leak linked to a ransomware breach. The hospital announced that the Clop ransomware group compromised its network in August and subsequently posted sensitive data on a dark web portal.
NHS Barts Health, based in London, has made known the nature of the breach, stating that while the core IT infrastructure remains intact, attackers gained access to invoice data that contains names and addresses of patients and staff accountable for payments. This incident has implications beyond just NHS Barts Health, affecting information also linked to Barking, Havering and Redbridge University Hospitals NHS Trusts.
The hospital emphasized its proactive steps, stating, “We are taking urgent action and seeking a High Court order to restrict the publication, usage, or dissemination of this data by any party.” This move underscores the risk that such information could be exploited to manipulate victims into disclosing additional sensitive information or compelling them to make payments.
A spokesperson from the National Cyber Security Centre remarked that they are collaborating with NHS Barts Health and NHS England to assess the incident’s full repercussions. Furthermore, NHS England confirmed that no other hospitals were affected by the August breach involving Clop.
The Clop group, also referred to as Cl0p, is notorious for leveraging zero-day vulnerabilities in secure managed file-transfer software to conduct mass data theft. Specifically, NHS Barts Health revealed that the group had taken advantage of security loopholes within its Oracle E-Business Suite, an enterprise resource planning and customer relationship management application. Clop initiated its campaign with a zero-day exploit that was disclosed on September 29, subsequently demanding cryptocurrency ransoms as high as $50 million.
This incident is a part of a growing trend of ransomware attacks increasingly targeting IT suppliers, often causing significant operational disruptions. The 2024 attack on Synnovis, a provider of medical laboratory services for NHS hospitals, exemplified this trend, leading to postponed patient appraisals and a nationwide blood shortage.
In response to these rising cybersecurity threats, NHS England has introduced voluntary commitments for healthcare IT suppliers, advocating for initiatives such as systematic IT systems patch management and timely incident reporting. Such measures aim to fortify defenses and safeguard sensitive data across healthcare institutions.
