U.K. healthcare company HCRG Care Group is investigating a cybersecurity incident after a ransomware group claimed to have breached the company’s systems and exfiltrated large amounts of sensitive data.
HCRG Care Group ranks among the largest independent providers of community health and care services in the United Kingdom. Previously operating under the name Virgin Care and now owned by Twenty20 Capital, HCRG works with National Health Service trusts and local authorities throughout the U.K. to offer healthcare services, including urgent care, sexual health, and both adult and child social care services.
This week, HCRG was listed on the dark web leak site managed by the notorious Medusa ransomware group, which alleges it compromised the company to steal over two terabytes of data.
Samples of the purportedly stolen data, shared by Medusa and reviewed by TechCrunch, suggest it includes personal information of employees, sensitive medical records, financial records, and government identification documents like passports and birth certificates.
HCRG spokesperson Alison Klabacher told TechCrunch in an emailed statement that the company is “currently investigating an IT security incident” and “recently identified a post on the dark web by a group claiming responsibility.”
While the company did not confirm which types of data were accessed, it did not contest Medusa’s claims. HCRG also chose not to disclose the number of affected individuals. According to HCRG’s website, the organization employs over 5,000 individuals and provides healthcare services to roughly half a million patients across the United Kingdom.
“Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident,” the spokesperson added.
HCRG reported the breach to the U.K.’s Information Commissioner’s Office and other relevant regulators.
“Our services are continuing to operate and safely see patients, and those with appointments or who need to access our services should continue to do so,” the company said.
The Medusa ransomware group is demanding a ransom payment of $2 million, threatening to release the purportedly stolen data if the demand is not met.
HCRG has not disclosed how the breach occurred. The Medusa group is known for exploiting unpatched vulnerabilities in remote desktop software.