HCRG Care Group, a leading healthcare provider in the United Kingdom, is currently investigating a significant cybersecurity breach after the Medusa ransomware group claimed responsibility for compromising its systems. The organization, previously known as Virgin Care, is one of the largest independent providers of community health services and partners with the National Health Service and local authorities. This breach has raised concerns about the exposure of sensitive data, including employee personal information, financial records, medical records, and government identification documents such as passports and birth certificates.
The Medusa ransomware group has posted on a dark web leak site, claiming to have stolen more than two terabytes of data from HCRG Care Group.
The company has confirmed that it is looking into the incident, but has not disclosed the exact types of data accessed or the number of individuals affected. Despite the gravity of the situation, HCRG has assured patients that their services continue to operate safely, and patients with appointments are encouraged to attend as usual. Immediate containment measures have been put in place to prevent further damage.
Although HCRG has not confirmed how the breach occurred, Medusa is known for exploiting unpatched vulnerabilities in remote desktop software. The ransomware group has issued a ransom demand of $2 million, threatening to release the stolen data unless the payment is made. HCRG is collaborating with external forensic specialists to investigate the breach’s full scope and has already informed the U.K.’s Information Commissioner’s Office and other regulatory bodies.
The ongoing investigation aims to assess the impact of the breach on HCRG’s operations and its over 5,000 employees. The company’s response to the attack has focused on ensuring patient safety and operational continuity. Despite the significant threat posed by the cybercriminals, HCRG is working swiftly to contain the incident and mitigate any further risks to its systems and patient data.
Reference:
