Data appeared on the leak site of the Medusa ransomware group.
HCRG Care Group has confirmed it’s investigating a cybersecurity incident.
According to TechCrunch, the British healthcare company was listed on the dark web leak site of the prolific Medusa ransomware group, which claims to have compromised the company to steal more than two terabytes of data.
Samples of the allegedly stolen data shared by Medusa and seen by TechCrunch appear to include employees’ personal information, sensitive medical records, financial records, and government identification documents, such as passports and birth certificates.
An HCRG spokesperson said the company is “currently investigating an IT security incident,” has informed the Information Commissioner’s Office and other regulators, but declined to say what types of data were accessed, but did not dispute Medusa’s claims.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
