HCRG Care Group, one of the UK’s largest independent healthcare providers, has confirmed investigating a cybersecurity breach after a notorious ransomware group claimed to have stolen a large amount of sensitive data.
The healthcare organisation, formerly Virgin Care and now owned by Twenty20 Capita, provides various community health and social care services across the UK. It partners with NHS trusts and local authorities to deliver essential services, including urgent care, sexual health clinics, and adult and child social care support.
This week, HCRG was listed on the Medusa ransomware gang’s dark web leak site. The group claims to have infiltrated the company’s systems and stolen over two terabytes of data. If true, this could pose a serious risk to employees and patients.
Sensitive data potentially compromised
According to samples of the alleged stolen files shared by Medusa, the data may include employees’ personal details, sensitive medical records, financial information, and government-issued documents such as passports and birth certificates.
Alison Klabacher, a spokesperson for HCRG, confirmed in an email statement that the company is “currently investigating an IT security incident” and has “recently identified a post on the dark web by a group claiming responsibility.”
While HCRG has not confirmed the data type affected, Medusa’s claims have not been denied. The organisation has also not disclosed how many individuals may be impacted. HCRG employs over 5,000 staff and provides care to around half a million patients across the country, making the scale of the potential breach significant.
“Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident,” the spokesperson said. HCRG has also informed the UK’s Information Commissioner’s Office (ICO) and other regulators about the breach.
Despite the cyberattack, HCRG reassured the public that its services remain operational. “Our services are continuing to operate and safely see patients, and those with appointments or who need to access our services should continue to do so,” the company added.
Ransom demand and ongoing risks
The Medusa ransomware gang is demanding a US$2 million ransom to prevent the publication of the allegedly stolen data. HCRG has not confirmed whether it will negotiate with the hackers or pay the ransom.
It is still unclear how Medusa breached HCRG’s systems, but the group is known for exploiting unpatched vulnerabilities in remote desktop software. Cybersecurity experts warn that organisations handling sensitive information must remain vigilant against these attacks, which are becoming increasingly common in the healthcare sector.
As investigations continue, affected individuals may face identity theft and fraud risks. Patients and employees are urged to stay alert for any signs of misuse of their personal information.
