NHS cyber breach exposes 169,000 files, including records linked to King Charles's home

Russian hackers have sent shockwaves through Britain’s health system after gaining access to hundreds of thousands of sensitive NHS documents some of them linked to the Royal Household.

The cyber breach, blamed on a ransomware gang exploiting a flaw in NHS software, has resulted in around 169,000 confidential files being dumped on the dark web. 

According to reports, the stolen data includes records connected to multiple royal residences, among them Buckingham Palace, Windsor Castle, Sandringham and King Charles’s official London home, Clarence House.

While it remains unclear which members of the Royal Family were treated or for what reason, the revelations have raised serious alarm about the protection of medical information particularly given the King’s ongoing cancer treatment. 

The exposure has sparked fresh concern over how securely the most sensitive health details, even those of the monarch, are being handled.

High-profile organisations caught up in the leak reportedly include the BBC, several Premier League football clubs, British aristocrats and even the Bahraini Royal Family.

At the centre of the incident is Oracle software, widely used by the NHS and Treasury to manage finances and human resources. 

Cybersecurity experts had already sounded the alarm in October, warning that vulnerabilities in the system made it a prime target for Russian hackers and that attempted attacks were “highly likely.”

Researchers at Google later revealed that a hacking group known as Clop contacted executives at numerous organisations, claiming to have stolen sensitive data and demanding payment to keep it private. 

When those demands were not met, the documents were allegedly published online.

Barts NHS Health Trust has since launched legal action in an attempt to block further disclosure of the data, as questions mount over how such a sweeping breach was allowed to happen.

An NHS spokesperson sought to play down wider fears following the cyber breach, stressing that no national systems had been affected and that support had been provided only to a local NHS organisation.