UK Healthcare Leader HCRG Confirms Ransomware Attack Amidst Sensitive Data Theft Claims
The U.K. healthcare sector is facing a growing concern as HCRG Care Group, a major provider of community health services, investigates a serious cybersecurity incident. Recently, a ransomware group claimed responsibility for breaching the company’s systems and stealing sensitive data, raising alarms about data security in healthcare.
About HCRG Care Group
HCRG Care Group, formerly known as Virgin Care and currently owned by Twenty20 Capita, is one of the largest independent healthcare providers in the United Kingdom. The organization collaborates with National Health Service (NHS) trusts and local authorities to deliver a wide range of healthcare services, including:
- Urgent care
- Sexual health services
- Adult and child social care
Cybersecurity Incident Overview
This week, HCRG was named on the dark web leak site of the notorious Medusa ransomware group. The group claims to have compromised the company, allegedly stealing over two terabytes of sensitive data.
Details of Allegedly Stolen Data
According to samples shared by Medusa and reviewed by TechCrunch, the stolen data may include:
- Personal information of employees
- Sensitive medical records
- Financial records
- Government identification documents, such as passports and birth certificates
Company Response and Investigation
HCRG spokesperson Alison Klabacher confirmed to TechCrunch that the organization is “currently investigating an IT security incident” and has become aware of a dark web post by the group claiming responsibility for the breach. Although the company did not disclose specific data types that were accessed, it did not challenge the claims made by Medusa.
With over 5,000 employees and healthcare services provided to approximately half a million patients across the U.K., HCRG is taking this incident seriously. The spokesperson noted, “Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident.”
Regulatory Notifications and Ongoing Services
HCRG has reported the breach to the U.K.’s Information Commissioner’s Office and other relevant regulators. The company reassured patients that its services continue to operate safely, stating, “Those with appointments or needing to access our services should continue to do so.”
Ransom Demand and Threats
The Medusa ransomware group is reportedly demanding a ransom of $2 million to prevent the publication of the allegedly stolen data. While HCRG has not disclosed how the breach occurred, it is known that Medusa often exploits unpatched vulnerabilities in remote desktop software.
For more information on cybersecurity defenses in the healthcare sector, you can visit NCBI for valuable resources and insights.
