securityweek.com
By Eduard Kovacs|
November 13, 2025 (7:54 AM ET)
The UK’s national healthcare system is working with the country’s National Cyber Security Centre to investigate the incident.
Cybercriminals have named the United Kingdom’s National Health Service (NHS) as one of the victims of the recent data theft and extortion campaign targeting organizations that use Oracle’s E-Business Suite (EBS) enterprise resource planning solutions.
“We are aware that the NHS has been listed on a cyber-crime website as being impacted by a cyber-attack, but no data has been published,” a spokesperson for NHS England told SecurityWeek. “Our cyber security team is working closely with the National Cyber Security Centre to investigate.”
The Oracle EBS hacking campaign came to light in early October and within two weeks the cybercriminals started naming victims on the Cl0p ransomware group’s leak website. The hackers have since made public data allegedly stolen from organizations such as Harvard University, American Airlines subsidiary Envoy Air, industrial giants Schneider Electric and Emerson, and The Washington Post.
The NHS is the latest organization named on the Cl0p ransomware leak website, which now lists more than 40 alleged victims of the Oracle EBS campaign. Data allegedly obtained from 25 targets has been published.
One of the victims named in recent days is Hitachi subsidiary GlobalLogic, a provider of digital engineering solutions.
GlobalLogic confirmed this week that the cybercriminals gained access to HR information for current and former employees, including names, addresses, contact information, dates of birth, passport information, Social Security numbers, salary information, and bank account details. The company said the incident impacts more than 10,000 individuals.
A majority of the organizations named on the Cl0p website have yet to confirm or deny being impacted. The list includes major companies such as Logitech, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland.
Victims of the Oracle EBS hack are likely conducting investigations and some of them likely do not want to share information until their probes are completed. Others are likely trying to avoid the spotlight by staying silent.
While Cl0p’s history suggests that organizations are rarely listed as victims without cause, the actual scope of the breach may be exaggerated by the threat actors to pressure victims into payment.
More than 10,000 appointments were cancelled at the two London NHS trusts that were worst affected.
Around 170 patients have suffered harm as a result of a cyber attack on blood services at London hospitals and GP surgeries, reports suggest.
Pathology services provider Synnovis was the victim of a ransomware attack by a Russian cyber gang in June last year.
As a result more than 10,000 appointments were cancelled at the two London NHS trusts that were worst affected.
And a significant number of GP practices in London were unable to order blood tests for their patients.
Now the Health Service Journal (HSJ) has reported that there were nearly 600 “incidents” linked to the attack, with patient care suffering in 170 of these.
Two NHS trusts in England have been hacked in recent weeks, the latest attacks to hit the national health service.
Major UK healthcare provider Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has suffered a cyberattack that caused a systems outage leading to postponing appointments and scheduled procedures.
The personal information of a million individuals was leaked online following a ransomware attack that in June hit NHS hospitals in London.
Cybercriminals behind attacks disrupting at least five London hospitals leaked nearly 400 gigabytes of data, which reportedly included blood test information.
Qilin ransomware started leaking data stolen from England National Health Service (NHS) partner Synnovis labs. According to reports from the BBC, the data includes patient names, dates of birth, NHS numbers, descriptions of blood tests, and other information.
The residents of Dumfries and Galloway are being warned their data was likely compromised in a February ransomware attack on the National Health Service (NHS).
As a result of the cyberattack “hospitals cannot currently match patients’ blood at the same frequency as usual,” announced NHS Blood and Transplant.
Cybercriminals have published another batch of data stolen from NHS Dumfries and Galloway in Scotland, this time including information about children.
A cybercrime group has published information stolen from NHS Dumfries and Galloway.
Observer investigation reveals Meta Pixel tool passed on private details of web browsing on medical sites
Its IT provider says it may take three or four weeks to fully recover from the cyber-attack.
