Major UK independent community healthcare services provider HCRG Care Group has launched an investigation into a cybersecurity incident after being purportedly compromised by the Medusa ransomware operation, which threatened to expose more than 2 TB of stolen data should the company refuse to pay its $2 million demand, TechCrunch reports.
"Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident," said HCRG spokesperson Alison Klabacher, who noted that the firm's operations have not been affected by the breach. While HCRG has not detailed the number of impacted individuals and types of compromised data, Medusa shared samples revealing employees' personal details, financial records, medical information, and government identification documents. Additional information regarding the attack's initial vector also remains uncertain but Medusa was previously noted to have deployed intrusions exploiting remote desktop software vulnerabilities.
