U.K. healthcare giant HCRG Care Group has confirmed it’s investigating a cybersecurity incident after a ransomware gang claimed to have breached the company’s systems to steal troves of sensitive data.
HCRG Care Group is one of the largest independent providers of community health and care services in the United Kingdom. The organization, previously known as Virgin Care and now owned by Twenty20 Capita, partners with National Health Service trusts and local authorities around the U.K. to deliver healthcare services, including urgent care, sexual health, and adult and child social care services.
HCRG was this week listed on the dark web leak site of the prolific Medusa ransomware group, which claims to have compromised the company to steal more than two terabytes of data.
Samples of the allegedly stolen data shared by Medusa and seen by TechCrunch appear to include employees’ personal information, sensitive medical records, financial records, and government identification documents, such as passports and birth certificates.
HCRG spokesperson Alison Klabacher told TechCrunch in an emailed statement that the company is “currently investigating an IT security incident” and has “recently identified a post on the dark web by a group claiming responsibility.”
The company declined to say what types of data were accessed but did not dispute Medusa’s claims. HCRG also declined to say how many individuals are affected. According to the company’s website, HCRG has more than 5,000 employees and delivers healthcare services to half a million patients across the United Kingdom.
“Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident, the spokesperson said.
HCRG said it informed the U.K.’s Infor …