
In February 2025, HCRG Care Group, a prominent UK healthcare provider, became the target of a significant cyberattack by the Medusa ransomware group. The attackers claimed to have stolen over two terabytes of sensitive data, including personal information, medical records, and financial documents. This breach led to a $2 million ransom demand from the cybercriminals.
The Attack Unfolds
The cyberattack disrupted HCRG’s operations, causing staff to experience difficulties accessing websites and patient information. A spokesperson for the organization stated, “Our team has not observed any suspicious activity since the implementation of immediate containment measures.” Despite these assurances, the breach raised serious concerns about the security of sensitive healthcare data.
Medusa’s Claims and Ransom Demand
The Medusa ransomware group, known for exploiting unpatched vulnerabilities in remote desktop software, claimed responsibility for the attack. They demanded a $2 million ransom, threatening to release the stolen data unless the payment was made. The group also published samples of the stolen data, including passport and driving license scans, staff rotas, a birth certificate, and data from background checks.
HCRG’s Response and Regulatory Involvement
In response to the breach, HCRG implemented immediate containment measures and informed the Information Commissioner’s Office and other relevant regulators. The organization assured patients that services continued to operate safely and that appointments should proceed as scheduled. However, the incident highlighted the vulnerabilities in healthcare data security and the potential consequences of such breaches.
Legal Actions and Data Suppression Efforts
Following the attack, HCRG sought a UK court-ordered injunction to compel a cybersecurity breach reporting website to remove references to the stolen data. The injunction was issued by High Court judge Michael Soole at the request of HCRG’s attorneys at Pinsent Masons. However, the US-based maintainer of the website refused to comply, citing the injunction’s lack of jurisdiction, and published details of the injunction online, noting the chilling effects of suppressing speech.
Industry Implications and Future Outlook
This incident underscores the growing threat of ransomware attacks in the healthcare sector. The breach at HCRG Care Group serves as a stark reminder of the importance of robust cybersecurity measures and the need for organizations to be prepared for such attacks. As the investigation continues, the healthcare industry must reassess its data protection strategies to safeguard sensitive patient information.
$2 million ransom, eh? Seems like Medusa missed a trick. Should’ve asked for crypto…or maybe NFTs of the stolen data. Bet someone would buy a birth certificate. Seriously though, let’s hope HCRG’s data backups were as robust as their legal team.
That’s a funny take! The idea of NFTs for stolen data is both absurd and a little scary to think about. Your point about robust backups is spot on though. Strong data backups are absolutely crucial for mitigating the impact of these attacks, regardless of ransom payment.
Editor: StorageTech.News