U.K. healthcare giant HCRG Care Group has confirmed that it is investigating a cybersecurity incident after the Medusa ransomware gang claimed to have breached the company’s systems and stolen vast amounts of sensitive data.
HCRG Care Group is one of the largest independent providers of community health and care services in the United Kingdom. Previously known as Virgin Care and now owned by Twenty20 Capital, the organization works with National Health Service (NHS) trusts and local authorities to provide healthcare services, including urgent care, sexual health, and adult and child social care.
Ransomware Gang Claims Theft of Sensitive Data
This week, HCRG appeared on the dark web leak site of the Medusa ransomware group, which claims to have stolen more than two terabytes of data from the company. Allegedly stolen records, samples of which were shared by Medusa and reviewed by TechCrunch, include employees’ personal details, sensitive medical records, financial documents, and government identification files such as passports and birth certificates.
HCRG spokesperson Alison Klabacher confirmed that the company is “currently investigating an IT security incident” and has “recently identified a post on the dark web by a group claiming responsibility.” However, the company has not disclosed what types of data were accessed or how many individuals may be affected. HCRG employs over 5,000 staff members and provides healthcare services to approximately 500,000 patients across the U.K.
HCRG Responds as Investigation Continues
The company stated that it has implemented immediate containment measures and has not observed any suspicious activity since doing so. External forensic specialists have been brought in to assist with the investigation. HCRG also confirmed that it has reported the incident to the U.K.’s Information Commissioner’s Office and other relevant regulators.
“Our services are continuing to operate and safely see patients, and those with appointments or who need to access our services should continue to do so,” HCRG said in a statement.
Meanwhile, the Medusa ransomware group is threatening to release the stolen data unless HCRG pays a $2 million ransom. Although HCRG has not confirmed how its systems were compromised, Medusa is known for exploiting unpatched vulnerabilities in remote desktop software.