
HCRG Data Breach: UK Healthcare Giant Confirms Hack

February 20, 2025

HCRG Care Group Investigates Data Breach

A significant cybersecurity incident is currently under investigation by HCRG Care Group, a leading healthcare provider in the U.K. A ransomware group has asserted responsibility for a breach resulting in the potential theft of substantial amounts of sensitive data.

About HCRG Care Group

HCRG Care Group stands as one of the largest independent providers of community health and care services within the United Kingdom. Formerly operating as Virgin Care and now under the ownership of Twenty20 Capital, the organization collaborates with National Health Service trusts and local authorities.

These partnerships facilitate the delivery of a wide range of healthcare services, encompassing urgent care, sexual health services, and both adult and child social care provisions.

Medusa Ransomware Claims Responsibility

This week, HCRG was listed on a dark web leak site associated with the Medusa ransomware group. The group alleges a successful compromise of the company’s systems and the exfiltration of over two terabytes of data.

Evidence shared by Medusa and reviewed by TechCrunch suggests the stolen data includes confidential employee information, sensitive medical records, financial documentation, and official government identification.

Company Response and Investigation

Alison Klabacher, a spokesperson for HCRG, confirmed to TechCrunch via email that the company is “currently investigating an IT security incident.” They also acknowledged awareness of a post on the dark web claiming responsibility for the attack.

While the company refrained from specifying the types of data accessed, it did not refute the claims made by the Medusa group. The number of individuals potentially affected by the breach remains undisclosed.

Scale of the Organization

According to HCRG’s official website, the organization employs over 5,000 individuals and provides healthcare services to approximately half a million patients throughout the United Kingdom.

The spokesperson stated that “Our team has not observed any suspicious activity since the implementation of immediate containment measures.” They are actively collaborating with external forensic specialists to thoroughly investigate the incident.

Regulatory Notification and Service Continuity

HCRG has notified the U.K.’s Information Commissioner’s Office and other relevant regulatory bodies regarding the data breach.

“Our services are continuing to operate and safely see patients,” the company assured. “Individuals with scheduled appointments or requiring access to services should proceed as planned.”

Ransom Demand

The Medusa ransomware group is demanding a ransom of $2 million from HCRG in exchange for not publishing the allegedly stolen data.

Potential Attack Vector

HCRG has not yet determined the initial point of compromise. However, the Medusa group is known to frequently exploit vulnerabilities present in unpatched remote desktop software.
