HCRG Care Group investigates cybersecurity breach amid ransomware threat

HCRG Care Group, a leading independent healthcare provider in the United Kingdom, has confirmed an ongoing investigation into a cybersecurity incident following claims by the Medusa ransomware gang that it has stolen a vast trove of sensitive data. The attack has raised concerns over data security within the healthcare sector, given the scale of information allegedly compromised.

HCRG, formerly known as Virgin Care and now under the ownership of Twenty20 Capita, partners with National Health Service (NHS) trusts and local authorities to deliver critical community healthcare services. These include urgent care, sexual health services, and adult and child social care. The organization, which employs over 5,000 staff and serves approximately half a million patients across the U.K., was recently listed on Medusa’s dark web leak site, where the ransomware group claims to have exfiltrated more than two terabytes of data.

The data allegedly obtained in the breach includes employees’ personal details, financial records, sensitive medical records, and government-issued identification documents such as passports and birth certificates. Medusa is now demanding a $2 million ransom from HCRG, threatening to publish the stolen data if payment is not made.

HCRG spokesperson Alison Klabacher acknowledged the situation in a statement to TechCrunch, confirming that the company is actively investigating the security breach and has taken immediate containment measures. She added that external forensic specialists have been engaged to assess the incident. However, HCRG has not disclosed specific details regarding the nature of the compromised data or the number of individuals affected. The organization also stated that there have been no signs of further suspicious activity following the implementation of security measures.

The company has reported the breach to the U.K.’s Information Commissioner’s Office and other relevant regulators. Despite the cybersecurity incident, HCRG assured that its healthcare services remain fully operational and that patients with scheduled appointments should continue to seek care as usual.

HCRG has not revealed how the attackers infiltrated its systems. However, Medusa is known to exploit vulnerabilities in remote desktop software, a common attack vector for ransomware groups. The breach underscores the persistent threat faced by healthcare institutions, which remain high-value targets for cybercriminals due to the sensitive nature of the data they manage.