Cl0p ransomware has leaked 241 GB of data from the NHS and also breached The Washington Post, exposing personal information of nearly 10,000 users. The attacks exploit critical vulnerabilities in Oracle's E-Business Suite, which have been previously flagged by NHS cybersecurity alerts. Experts warn that many systems remain vulnerable despite patches released by Oracle.

Barts Health NHS Trust confirmed that the Cl0p ransomware group stole files from its invoice database, exposing sensitive information like patient names and addresses. The breach, which went undetected for months, highlights ongoing vulnerabilities in NHS cybersecurity, despite clinical records remaining safe.

DXS International, a tech provider for NHS England, reported a cyberattack that compromised its office servers. A ransomware group claimed responsibility, alleging they stole 300 gigabytes of data, though the extent of the breach and any impact on patient information remains unclear.

Cybercriminals infiltrated NHS Professionals in May 2024, stealing its Active Directory database without public disclosure. Despite NHSP's claims of no data compromise, internal reports indicated significant breaches and vulnerabilities, prompting recommendations for enhanced cybersecurity measures, including multi-factor authentication and endpoint detection solutions.