A large-scale cyberattack has shaken Britain’s health system after hackers gained access to hundreds of thousands of confidential NHS documents, including files reportedly linked to royal residences.
Investigators have attributed the breach to a Russia-linked ransomware group that exploited a vulnerability in widely used NHS software. The attackers later leaked approximately 169,000 sensitive files on the dark web.
According to reports, the exposed data includes records connected to several royal properties, including Buckingham Palace, Windsor Castle, Sandringham, and Clarence House, King Charles’s official London residence.
Authorities have not confirmed which members of the Royal Family received treatment or the nature of any medical care. However, the disclosure has intensified concerns over data protection, particularly as King Charles continues cancer treatment.
The incident has prompted renewed scrutiny of how securely the UK handles highly sensitive medical information, even at the highest levels of the state.
Russian hackers access sensitive NHS documents from royal residences including Buckingham Palace and Windsor Castlehttps://t.co/wdQwTk8M2X
— GB News (@GBNEWS) December 14, 2025The breach appears to extend beyond the Royal Household. Reports indicate that the leaked data also involves the BBC, Premier League football clubs, prominent aristocratic families, and members of the Bahraini Royal Family.
The attack targeted Oracle software, which the NHS and HM Treasury use extensively for finance and human resources management. Cybersecurity experts had raised concerns months earlier. In October, analysts warned that known vulnerabilities made the system an attractive target and said attempted attacks were highly likely.
Read: OpenAI Reports Data Breach via Third-Party Analytics Provider Mixpanel
Researchers at Google later disclosed that a hacking group known as Clop contacted senior executives at multiple organisations. The group claimed it had stolen sensitive data and demanded payment to prevent public disclosure.
When organisations reportedly refused to pay, the hackers released the documents online. In response, Barts NHS Health Trust has initiated legal proceedings to prevent further dissemination of the leaked data.
An NHS spokesperson sought to reassure the public, stating that national NHS systems were not compromised and that the breach affected only a local organisation, which received targeted support.
