Data appeared on the leak site of the Medusa ransomware group.
HCRG Care Group has confirmed it’s investigating a cybersecurity incident.
According to TechCrunch, the British healthcare company was listed on the dark web leak site of the prolific Medusa ransomware group, which claims to have compromised the company to steal more than two terabytes of data.
Samples of the allegedly stolen data shared by Medusa and seen by TechCrunch appear to include employees’ personal information, sensitive medical records, financial records, and government identification documents, such as passports and birth certificates.
An HCRG spokesperson said the company is “currently investigating an IT security incident,” has informed the Information Commissioner’s Office and other regulators, but declined to say what types of data were accessed, but did not dispute Medusa’s claims.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
