British Healthcare Provider Investigating Ransom Claims

Uploaded on 2025-03-03 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The British National Health Service (NHS) private service provider, the HCRG Care Group, has confirmed that it is investigating a suspected ransomware attack. 

HCRG Care Group, formerly Virgin Care, runs child and family health and social services for the NHS, delivering a wide range of community services, while employing more than 1,300 NHS staff.

Now, HCRG has said it is investigating claims by the  Medusa a ransomware group, which has claimed that it has stolen  more than two terabytes of sensitive information and is threatening to leak confidential internal records, unless a substantial ransom is paid.

The Medusa gang’s Dark Web site claims the group has stolen 2.275TB of data, and the information is for sale for £1.6 million ($2 million), or offering to delete data for the same amount. They then threatened to leak the information online if the ransom isn’t paid by February 27.

Samples of the stolen data have been leaked, and of the 35 pages posted, the information seems to be passport and driving license scans, birth certificates, background checks, and staff rotas. These could put those affected at risk of identity theft, fraud, or social engineering scams.

HCRG has said in a statement that it is looking into these claims made by Medusa that it has breached and stolen sensitive information. A spokesperson for HCRG group said: “We can confirm that we are currently investigating an IT security incident and have recently identified a post on the Dark Web by a group claiming responsibility... Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident...

.. Our services are continuing to operate and safely see patients, and those with appointments or who need to access our services should continue to do so.”

In compliance with UK rules, HCRG has informed the Information Commissioner's Office and relevant law enforcement agencies of the breach.

Digital Health     |     BBC     |     The Register     |     Tech Radar  |    Computing     |     MSN

Image: @HCRGCareGroup

You Might Also Read: 

EU To Strengthen Cyber Defence In Healthcare:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« AI Could Help Prepare For The Next Pandemic
Alibaba Intends To Spend $53bn On Developing AI »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

EC-Council

EC-Council

EC-Council is a member-based organization that certifies individuals in various e-business and information security skills.

IoT Security Foundation (IoTSF)

IoT Security Foundation (IoTSF)

IoTSF is a collaborative, non-profit organisation with a mission to raise the quality and drive pervasive security in the Internet of Things.

International Telecommunication Union (ITU)

International Telecommunication Union (ITU)

ITU is the United Nations specialized agency for information and communication technologies – ICTs. Areas of activity include cybersecurity.

ProPay

ProPay

ProPay provides secure payment solutions for organizations ranging from small businesses to large enterprises requiring complex payment solutions.

Genua

Genua

Genua is a specialist in IT security services and solutions ranging from network and infrastructure security to encrypted comms and industrial automation.

BMS Group

BMS Group

BMS is an independent, employee-owned specialist insurance broking group. Broking solutions include Cyber and Technology.

IGX Global

IGX Global

IGX Global is a provider of information network and security integration services and products.

Labris Networks

Labris Networks

Labris Networks specializes in DDoS mitigation, NG Firewall, Unified Threat Management, Centralized Management, Regulatory Compliances and SOC/CERT Services.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

Tecnalia Research & Innovation

Tecnalia Research & Innovation

Tecnalia is the largest center of applied research and technological development in Spain, a benchmark in Europe and a member of the Basque Research and Technology Alliance.

Datplan

Datplan

Datplan offers a software solution that gives an overview of 8 key cyber risk areas, their threats, and risk management steps.

TierPoint

TierPoint

TierPoint delivers secure, reliable, and connected infrastructure solutions at the internet’s edge. We meet you where you are in your journey to solve for data storage, compute, and recovery.

Kinnami Software

Kinnami Software

Kinnami is a data security company that equips organizations with the tools they need to secure and protect highly confidential documents and data.

3B Data Security

3B Data Security

3B Data Security offer a range of Penetration Testing, Digital Forensics, Incident Response and Data Breach Management Services.

CertNexus

CertNexus

CertNexus is a vendor-neutral certification body, providing emerging technology certifications and micro-credentials for business, data, developer, IT, and security professionals.

Diversified Search Group - Alta Associates

Diversified Search Group - Alta Associates

Diversified Search Group is an industry leader in recruiting diverse, inclusive and transformational leadership for clients.