Barts Health NHS Trust reports personal data breach

In a blog post, Barts Health NHS Trust has confirmed that a criminal group known as Cl0p stole personal patient and staff information, which has been posted on the dark web after hackers exploited a software vulnerability in the Oracle E-business Suite. The stolen files include names, addresses, and invoices of patients and staff who paid for services, alongside accounting files relating to Barking, Havering and Redbridge University Hospitals NHS Trust.

The Trust reported that its electronic patient records and core clinical systems were unaffected, and it remains "confident" in its core IT infrastructure. However, the Trust is taking urgent action, including seeking a High Court order to ban the publication, use, or sharing of the data. Barts Health is also working with the National Cyber Security Centre (NCSC), the Metropolitan Police, and has reported the breach to the Information Commissioner’s Office (ICO). 

Training Announcement: Freevacy offers a range of independent data protection qualifications from IAPP and BCS. Our certified courses are available at foundation and practitioner levels and cover multiple legal jurisdictions, data protection operations management, and the implementation of complex privacy solutions in technical environments. Find out more.