HCRG Care Group investigates ransomware attack after gang claims theft of sensitive data
Learn More
HCRG Care Group, an private healthcare provider in the United Kingdom that partners with NHS trusts and local authorities, is investigating a significant cybersecurity incident. The organization, offers healthcare services including urgent care, sexual health, and adult and child social care services across the UK.
The Medusa ransomware group has listed HCRG on their dark web leak site, claiming to have exfiltrated more than two terabytes of sensitive data. The ransomware group is demanding a $2 million ransom payment to prevent the publication of the allegedly stolen information.
The types of data reportedly compromised include:
- Employee personal information
- Sensitive medical records
- Financial records
- Government identification documents (including passports and birth certificates)
HCRG Care Group confirmed they are investigating the incident and have acknowledged the dark web post. The organization has implemented immediate containment measures and reports no suspicious activity since these measures were put in place.
The number of affected individuals has not been disclosed by the organization. The company has around 500,000 patients enrolled at GP services it runs.
The company has notified relevant authorities, including the UK's Information Commissioner's Office and other regulators. D HCRG claims that their services remain operational, and patients should continue to attend their appointments and access services as normal.
