IN February 2025, the Medusa ransomware gang claimed responsibility for a cyberattack on the UK healthcare provider HCRG Care Group. While HCRG initially confirmed a breach but offered limited details, the independent outlet SuspectFile revealed that a significant amount of personal and sensitive patient data, including information from 50TB of stolen data, had been compromised. Despite reports highlighting the breach, HCRG sought a court injunction against the publication of this data.
Meanwhile, a patient, John Adams, expressed frustration over delayed communication regarding the breach that took over a year to notify affected individuals. HCRG attributed this delay to 'uncertain details' and stated there was no evidence of data misuse. The incident was reported to the Information Commissioner’s Office (ICO), which is still investigating HCRG’s compliance with data protection regulations.