Clop Ransomware Group Targets NHS England in Oracle E-Business Suite Hack

NHS England has launched an investigation into a data security incident after the Clop ransomware group added the organisation to its data leak site, alleging it exploited a vulnerability in the Oracle E-Business Suite.

 

Recently, the Clop ransomware group—known for exploiting a vulnerability in Oracle E-Business Suite—announced several new victims on its data leak site, including the United Kingdom’s National Health Service (NHS). The group claims to have stolen confidential information from the NHS’s internal network and has threatened to release the data on the dark web.

 

In a statement shared with SecurityWeek, an NHS spokesperson said, “We are aware that the NHS has been listed on a cyber-crime website as being impacted by a cyber-attack, but no data has been published. Our cyber security team is working closely with the National Cyber Security Centre to investigate.”

 

Oracle E-Business Suite (EBS) is a widely used enterprise software system that manages various business functions such as finance, logistics, and customer relations. A zero-day vulnerability in Oracle EBS has been actively exploited by the Clop ransomware group, leading to data breaches affecting thousands of employees and customers across multiple organisations.

 

From October, the Clop ransomware group began posting the names of affected organisations on its data leak site. Since then, the group has allegedly published stolen data belonging to several prominent entities, including Harvard University, American Airlines subsidiary Envoy Air, industrial giants Schneider Electric and Emerson, and The Washington Post.

 

 

 

Besides the NHS, the Clop ransomware group has named 40 alleged victims on its data leak site, and has reportedly published data stolen from 25 of them.

 

GlobalLogic, a subsidiary of the Hitachi Group, also confirmed that in October cyber criminals exploited a zero-day vulnerability in Oracle EBS that led to a data breach compromising the personal information of over 10,000 individuals.