
Barts Health NHS Trust Discloses Data Breach via Oracle E-Business Suite Zero-Day Exploit
Barts Health NHS Trust has disclosed a data breach in which the Clop ransomware group exploited a zero-day vulnerability in Oracle E-Business Suite. The vulnerability, identified as CVE-2022-21587, was patched by Oracle in October 2022. The attackers exfiltrated files from a database, although the nature and volume of the data remain unspecified. The incident is part of a broader campaign targeting this vulnerability. Notably, there is no mention of a ransom demand or of system encryption.

The breach underscores the critical importance of timely patch management and robust security measures, particularly in the healthcare sector, where sensitive patient data is at stake. Organizations must prioritize applying security patches promptly and implement comprehensive monitoring and detection mechanisms to mitigate the risk of similar incidents. Regular security audits and penetration testing are also essential to identify and address vulnerabilities proactively.