British healthcare giant HCRG Care Group has confirmed it is investigating cybersecurity incidents after a ransomware gang claimed to have breached the company’s systems and stolen sensitive data.
HCRG Care Group is one of the largest independent providers of community health and care services in the UK. The organization, formerly known as Virgin Care and now owned by Twenty20 Capital, works with the National Health Services Trust and local authorities in the UK to provide medical services including emergency care, sexual health, and social care for adults and children.
HCRG was listed this week on the dark web leak site of the prolific Medusa ransomware group, which claims to have compromised the company and stolen more than two data.
Samples of the allegedly stolen data shared by Medusa and seen by TechCrunch appear to include employee personal information, sensitive medical records, financial records and government identification documents such as passports and birth certificates.
HCRG spokesperson Alison Klabacher told TechCrunch in an emailed statement that the company is “investigating IT security incidents” and “recently identified a post on the dark web by a group claiming responsibility.”
The company declined to disclose what types of data were accessed, but did not dispute Medusa’s claim. HCRG also refused to say how many people were affected. According to the company’s website, HCRG has more than 5,000 employees and provides medical services to 500,000 patients in the UK.
“We have not observed any suspicious activity since the implementation of the immediate containment measures and we are working with external forensic experts to investigate the incident.”
HCRG said it has informed the UK Information Commissioner’s Office and other regulators about the breach.
“Our service is continuing to operate and see patients safely, and people with appointments or who need to receive our services should continue to do so,” the company said.
The Medusa ransomware group is threatening to release the allegedly stolen data unless HCRG pays the gang’s $2 million ransom demand.
HCRG would not confirm how it was compromised, but Medusa is known to exploit unlisted vulnerabilities in remote desktop software.