Fraud Management & Cybercrime
,
Geo Focus: The United Kingdom
,
Geo-Specific
Clop Ransomware Group Targeted NHS Barts Health in August
A National Health Service hospital is seeking assistance from the U.K. High Court to stymie a potential data leak tied to a ransomware hack.
See Also: Palo Alto Networks is Plotted as a Leader
The NHS Barts Health hospital in London on Friday said ransomware group Clop targeted its network in August. The hospital said the group accessed data, which the group posted to its darkweb portal.
“We are taking urgent action and seeking a High Court order to ban the publication, use or sharing of this data by anyone,” the hospital said.
The hackers did not compromise its “core IT infrastructure,” but accessed invoice data that consisted of names and addresses of patients and staff liable for payments, said NHS Barts Health, which runs five hospitals and is one of the largest trusts in England. The database also contained information related to Barking, Havering and Redbridge University Hospitals NHS Trusts.
The hospital warned that the attackers could use the data to trick breach victims into sharing sensitive information or making payments.
“We are working with Barts Health NHS Trust and NHS England to fully understand the impact of the incident,” a National Cyber Security Centre spokesperson said. An NHS England spokesperson added that the August Clop hack did not compromise any other hospitals.
Clop, aka Cl0p, is a ransomware group known for exploiting zero-days in secure managed file-transfer software to steal data from a large number of users at once. NHS Barts Health said the group targeted security flaws in its Oracle E-Business Suite, an enterprise resource planning and customer relationship management application. Clop initiated a campaign exploiting a zero-day flaw in the Oracle application that came to light on Sept. 29 when it began emailing victims, threatening to leak stolen data unless they paid cryptocurrency ransoms worth up to $50 million (see: Clop Attacks Against Oracle E-Business Suite Trace to July).
The attack is the latest case of growing ransomware hacks, especially against IT suppliers, often resulting in disruptions. The Qilin ransomware group in 2024 attacked Synnovis, a provider of medical laboratory services for NHS hospitals, resulting in delayed patient appointments and procedures and a nationwide blood shortage (see: NHS: Most Patient Services Online Following Synnovis Attack).
Disruptive hacks prompted NHS England to roll out voluntary commitments for healthcare IT suppliers, calling for measures such as regular IT systems patch management, and prompt alerting in the wake of an incident (see: NHS England Rolls Out Voluntary Cyber Charter for IT Suppliers).
