Leaked samples allegedly include passport and driving license scans, staff schedules, a birth certificate, and background check data. Despite these claims, HCRG has stated that it is actively investigating the incident alongside external forensic specialists. The company has assured that containment measures have been implemented and that its services remain operational, allowing patients to continue accessing care without disruption.
This attack reflects a growing trend where ransomware gangs bypass traditional encryption tactics and instead opt for data theft and extortion. The Medusa gang, which first emerged in late 2022, has primarily targeted technology, education, manufacturing, healthcare, and retail sectors, with organizations in the US and UK being among its top victims.
This is the second major UK-based attack attributed to Medusa this year. The gang previously targeted Gateshead Council, demanding $600,000, but the council refused to pay, resulting in the alleged publication of stolen data.
HCRG is likely to take a similar stance, as paying a ransom does not guarantee security. Cybersecurity experts warn that 78% of organizations that paid a ransom were targeted again, with many facing higher ransom demands in subsequent attacks. This incident underscores the ongoing threat posed by ransomware groups and the need for strong cybersecurity measures to mitigate such risks.
Source: The Register
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try yourself using check.website.