
The notorious Medusa ransomware gang has exposed a significant data breach involving UK-based HCRG Care Group, demanding a $2 million ransom. Although HCRG acknowledged the breach, they have not confirmed the extent of data affected, including patient and employee information.
Unveiling the Breach
On February 23, SuspectFile disclosed exclusive insights from Medusa, highlighting the breach's severity. The leaked data indicates substantial exposure of protected health information and personal employee details, despite HCRG's silence on the matter.
Medusa confirmed to SuspectFile that they had encrypted files and systems, contradicting HCRG's public statements.
Escalating Concerns
In a recent update, SuspectFile reported that the breach's impact was more extensive than initially believed. On February 18, Medusa released 35 images as proof of the breach, initially thought to be part of the 2.275 TB of data exfiltrated from HCRG's servers.
Additional Findings
- Medusa revealed the breach involved two HCRG subdomains: assuramedical.local and VCL.local.
- The ransomware group claims to have encrypted approximately 50 TB of documents, though only 2 TB have been uploaded.
- SuspectFile received a complete NTDS log of the corporate network as evidence.
Despite these revelations, HCRG has not responded to inquiries or issued a public statement, leaving stakeholders in the dark.
Conclusion and Recommendations
SuspectFile continues to provide critical updates on this incident, urging HCRG Care Group to address the situation transparently. Patients and employees deserve clarity on the breach's implications.