NHS England is currently investigating a potential ransomware attack after the Cl0p gang claimed to have hacked its systems. The gang made a post on their dark web leak site on 11 November.
As of now, Cl0p has not disclosed any specific NHS bodies or leaked any organizational or patient data. There have been no visible signs of a traditional ransomware attack, such as IT outages or service disruptions. However, Cl0p is known for conducting attacks that involve theft and extortion rather than data encryption.
The NHS was mentioned alongside other organizations, including the US newspaper The Washington Post, which confirmed being a victim of a Cl0p attack. The attack exploited vulnerabilities in Oracle’s E-Business suite, which had been patched earlier in the year. NHS England’s digital teams had issued an advisory notice about these vulnerabilities on 23 October.
An NHS England spokesperson acknowledged the cyber attack listing but stated that no data had been published. They mentioned an ongoing investigation and collaboration with the National Cyber Security Centre (NCSC).
The lack of clarity in Cl0p’s dark web post was noted, as they did not specify which part of the NHS was targeted. Graeme Stewart from Check Point highlighted the need for sustained investment in NHS cyber security to address the increasing cyber threats faced by healthcare organizations.
Stewart revealed that UK healthcare organizations experience over 1,100 cyber attack attempts per week, making the NHS a prime target. He emphasized the importance of equipping the NHS with the necessary resources to combat cyber threats effectively.
In a separate incident, Synnovis, a pathology services unit affiliated with Guy’s and St Thomas’ and King’s College NHS Trusts, notified partners in the NHS of patient data exposure following a ransomware attack in 2024. Patients affected by the attack, primarily in South London, will be informed if their data was compromised.
