Data Breaches

NHS Investigating Oracle EBS Hack Claims as Hackers Name Over 40 Alleged Victims

The UK’s national healthcare system is working with the country’s National Cyber Security Centre to investigate the incident.

Oracle

Cybercriminals have named the United Kingdom’s National Health Service (NHS) as one of the victims of the recent data theft and extortion campaign targeting organizations that use Oracle’s E-Business Suite (EBS) enterprise resource planning solutions.

“We are aware that the NHS has been listed on a cyber-crime website as being impacted by a cyber-attack, but no data has been published,” a spokesperson for NHS England told SecurityWeek. “Our cyber security team is working closely with the National Cyber Security Centre to investigate.”

The Oracle EBS hacking campaign came to light in early October and within two weeks the cybercriminals started naming victims on the Cl0p ransomware group’s leak website. The hackers have since made public data allegedly stolen from organizations such as Harvard University, American Airlines subsidiary Envoy Air, industrial giants Schneider Electric and Emerson, and The Washington Post.

The NHS is the latest organization named on the Cl0p ransomware leak website, which now lists more than 40 alleged victims of the Oracle EBS campaign. Data allegedly obtained from 25 targets has been published. 

One of the victims named in recent days is Hitachi subsidiary GlobalLogic, a provider of digital engineering solutions. 

GlobalLogic confirmed this week that the cybercriminals gained access to HR information for current and former employees, including names, addresses, contact information, dates of birth, passport information, Social Security numbers, salary information, and bank account details. The company said the incident impacts more than 10,000 individuals. 

Advertisement. Scroll to continue reading.

A majority of the organizations named on the Cl0p website have yet to confirm or deny being impacted. The list includes major companies such as Logitech, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland.

Victims of the Oracle EBS hack are likely conducting investigations and some of them likely do not want to share information until their probes are completed. Others are likely trying to avoid the spotlight by staying silent.  

While Cl0p’s history suggests that organizations are rarely listed as victims without cause, the actual scope of the breach may be exaggerated by the threat actors to pressure victims into payment.

Related: CISA Confirms Exploitation of Latest Oracle EBS Vulnerability

Related: Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching

Related: Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks

Related Content

Cybercrime

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Data Breaches

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Cybercrime

Angelo Martino, a former ransomware negotiator, was sentenced to 70 months for helping the BlackCat/Alphv group.

Data Breaches

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Data Breaches

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Data Breaches

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Artificial Intelligence

Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.

Cybercrime

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version