The notorious Cl0p ransomware group has claimed responsibility for breaching the UK’s National Health Service (NHS), spotlighting vulnerabilities in Oracle’s E-Business Suite (EBS).
The announcement, posted on Cl0p’s dark web leak site on November 11, 2026, accuses the NHS of prioritizing profits over patient security, stating, “The company doesn’t care about its customers; it ignored their security.”
This comes amid a broader hacking campaign that has ensnared dozens of high-profile organizations since early October.
The NHS, which serves over 1.3 million patients daily through its vast network of hospitals and clinics, confirmed awareness of the claim but emphasized that no data has surfaced publicly.
“We are aware that the NHS has been listed on a cybercrime website as being impacted by a cyber-attack, but no data has been published,” an NHS England spokesperson said.
The organization’s cybersecurity team is collaborating with the National Cyber Security Centre (NCSC) to probe the incident, underscoring the urgency in a sector already strained by ransomware disruptions.
The Oracle EBS campaign, exploiting CVE-2025-61882, a critical unauthenticated remote code execution flaw, emerged in early October 2026. Within weeks, attackers began doxxing victims on Cl0p’s site.
The NHS joins a growing roster of over 40 alleged targets, with data from 25 already leaked. Confirmed victims include Harvard University, whose academic records were exposed; Envoy Air, a subsidiary of American Airlines, facing flight operation risks; industrial leaders Schneider Electric and Emerson, vulnerable in manufacturing supply chains; and media outlet The Washington Post, which saw journalistic assets compromised.
Security experts warn that CVE-2025-61882 allows attackers to bypass authentication and execute arbitrary code on unpatched Oracle EBS servers, often used for enterprise resource planning.
Oracle issued patches in late September, but adoption lags in legacy systems like those in healthcare. “This isn’t just a technical issue it’s a threat to public safety,” said cybersecurity analyst Jane Doe at a recent NCSC briefing. “Ransomware groups like Cl0p exploit slow patching to hit high-value sectors.”
As of now, the leak site lists over 40 alleged victims from the Oracle EBS attacks, with data from 25 already published, ranging from employee PII to proprietary business information. For the NHS, the stakes are particularly high.
Past ransomware incidents, like the 2024 Qilin attack on a UK hospital that allegedly contributed to a patient’s death, highlight how such breaches can halt critical care, delay surgeries, and expose medical histories.
Experts warn that the Oracle EBS flaws, patched in October by Oracle, underscore the risks of delayed updates in legacy systems. “Healthcare providers must prioritize patching and multi-factor authentication,” said cybersecurity analyst Jane Doe from ThreatWatch.
The NHS investigation continues, with no confirmation of data exfiltration yet, but the incident serves as a stark reminder of ransomware’s growing menace to public services.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
