NHS investigating potential breach after ransomware group claims breach of Oracle E-Business Suite

The United Kingdom's National Health Service is investigating a potential data breach after the Cl0p ransomware group claimed responsibility for compromising NHS systems through exploitation of vulnerabilities in Oracle's E-Business Suite. 

The announcement appeared on Cl0p's dark web leak site on November 11, 2025. The NHS has become the latest high-profile target in a sweeping campaign that has affected over 40 organizations since early October.

The attack exploited CVE-2025-61882 (CVSS score 9.8), an unauthenticated remote code execution vulnerability in Oracle's E-Business Suite software. 

Security researchers have traced exploitation of this vulnerability to as early as August 2025, months before Oracle issued emergency patches in late September.

The scope of potentially exposed data and number of affected individuals is not clear. NHS officials have not confirmed whether data was stolen. An NHS England spokesperson stated, "We are aware that the NHS has been listed on a cybercrime website as being impacted by a cyber-attack, but no data has been published. Our cybersecurity team is working closely with the National Cyber Security Centre to investigate."