HCRG Care Group investigating a major ransomware attack on its network

HCRG Care Group, a prominent healthcare provider in the UK, said it is investigating a possible data security incident after the Medusa ransomware group claimed that it breached its internal network and stole more than 2TB of data.

 

Previously known as Virgin Care and now owned by Twenty20 Capital, HCRG operates several healthcare facilities across the UK for the NHS and local authorities. With a workforce of more than 5,000 professionals, the healthcare provider caters to half a million patients across the country.

 

Recently, the infamous Medusa Ransomware group claimed that it infiltrated the internal network of HCRG and listed it as a victim on its data leak site. The group claims to be in possession of 2.275 TB of data stolen from HCRG and has demanded a ransom of $2 million, or £1.6 million, in exchange for not publishing the data. 

 

 

The group has given HCRG a deadline of February 27 to meet its ransom demand, after which the group has threatened to leak the stolen data. Medusa has also given HCRG the option of delaying the data leak by paying $10,000 per day, indicating that negotiations are ongoing.

 

To prove the authenticity of its claims, the group has leaked samples of the stolen data that include passport and driving license scans, employee information,  birth certificates, data from background checks and financial records.

 

Acknowledging the claims of the Medusa ransomware group, a HRCG spokesperson said in a statement shared with the media that the organisation is “currently investigating an IT security incident” and has “recently identified a post on the dark web by a group claiming responsibility.”

 

“Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident. Our services are continuing to operate and safely see patients, and those with appointments or who need to access our services should continue to do so,” the spokesperson added.