Medusa ransomware gang demands $2M from UK private health services provider

Exclusive HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what’s claimed to be stolen internal records unless a substantial ransom is paid.

Previously known as Virgin Care and now owned by Twenty20 Capital, HCRG runs child and family health and social services across the UK for the NHS and local authorities, with a workforce said to number 5,000. Its annual turnover to March 2023, its latest available figure, was just shy of £250 million ($315 million).

In an update on its dark-web site, the Medusa crew claimed it had stolen 2.275 TB of data from HCRG, and will either sell that information to a buyer for $2 million (£1.6 million), delete its copy of that info for the same amount, or leak it all online if no one pays up by February 27.

Additionally, the gang claims it will delay the release for $10,000 (£8,000) per day, presumably to keep negotiations open. It has already leaked samples, totaling 35 pages, of what’s said to be pilfered information, including passport and driving license scans, staff rotas, a birth certificate, and data from background checks.

Screenshot of Medusa ransomware note for HCRG

Tick-tock … Medusa’s ransom demand on its Tor-hidden site against HCRG Care Group. We’ve redacted a URL to where miscreants can download a list of files in the supposedly swiped data

“We can confirm that we are currently investigating an IT security incident and have recently identified a post on the dark web by a group claiming responsibility,” a spokesperson for HCRG told The Register Wednesday.

“Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident. Our services are continuing to operate and safely see patients, and those with appointments or who need to access our services should continue to do so.”

For now, then, HCRG is still operational – a stark contrast to what happened in Texas last year, when the University Medical Center in Lubbock was forced to severely limit operations and turn away ambulances following a ransomware attack.

Medusa surfaced in late 2022, primarily targeting Windows environments. According to Palo Alto Networks’ Unit 42, it mainly targets five sectors: Technology, education, manufacturing, healthcare, and retail. US organizations are the gang’s top victims, with UK firms following closely behind.

The HCRG incident marks the second high-profile attack from Medusa this year against a British organization. Last month, it claimed it had pulled a similar heist against Gateshead Council. Despite the gang’s threats, the council refused to pay the $600,000 ransom, leading Medusa to publish what’s said to be stolen data online.

It’s likely HCRG will refuse to play ball, too. And even if the healthcare group did pay, there’s no guarantee Medusa wouldn’t double-dip by selling the data anyway. And according to security shop Cybereason, last year 78 percent of organizations that paid a ransom were attacked again, with 63 percent facing demands for an even larger payout the second time around. ®

Read More

Latest

Bitcoin News: Dave Portnoy Vows to Hold Bitcoin to Zero After Buying at $100K

Bitcoin News: Dave Portnoy Vows to Hold Bitcoin to Zero After Buying at $100K Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Fact

Bitcoin Price Prediction: Peter Brandt Might Dump BTC for Gold

Bitcoin Price Prediction: Peter Brandt Might Dump BTC for Gold Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Fact Checked by CryptoNews Editorial

Sam Altman ChatGPT AI Predicts the Price of XRP, Bitcoin and Ethereum By the End of May 2026

Sam Altman ChatGPT AI Predicts the Price of XRP, Bitcoin and Ethereum By the End of May 2026 Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets

Bitcoin Holds Near $77K Ahead of Fed Decision as LiquidChain Presale Tops $700K

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Last updated:  April 29, 2026 Bitcoin was trading near $77,000 on Wednesday, 29 April 2026

Newsletter

Don't miss

Bitcoin News: Dave Portnoy Vows to Hold Bitcoin to Zero After Buying at $100K

Bitcoin News: Dave Portnoy Vows to Hold Bitcoin to Zero After Buying at $100K Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Fact

Bitcoin Price Prediction: Peter Brandt Might Dump BTC for Gold

Bitcoin Price Prediction: Peter Brandt Might Dump BTC for Gold Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Fact Checked by CryptoNews Editorial

Sam Altman ChatGPT AI Predicts the Price of XRP, Bitcoin and Ethereum By the End of May 2026

Sam Altman ChatGPT AI Predicts the Price of XRP, Bitcoin and Ethereum By the End of May 2026 Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets

Bitcoin Holds Near $77K Ahead of Fed Decision as LiquidChain Presale Tops $700K

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Last updated:  April 29, 2026 Bitcoin was trading near $77,000 on Wednesday, 29 April 2026

Bitcoin Price Prediction: Saylor’s Strategy is a Risk to Bitcoin, According to JP Morgan

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Fact Checked by CryptoNews Editorial Team Author CryptoNews Editorial Team Part of the Team Since

Business seminar in Munich highlights Hong Kong’s strategic roles amidst global shifts (with photos)

Business seminar in Munich highlights Hong Kong's strategic roles amidst global shifts (with photos) ******************************************************************************************      The Hong Kong Economic and Trade Office, Berlin (HKETO Berlin), promoted Hong Kong's unique advantages and strategic roles at the seminar "Hong Kong's strategic role amidst geopolitical tensions" on June 18 (Munich time) in Munich, Germany.             Senior executives, investors

AI for business services: From job fears to productivity

AI for business services: From job fears to productivity

Business Insurance-AZ Achieves Record Response Times for 2026 Arizona Construction Bids

Business Insurance-AZ achieves milestone response speeds for commercial construction bids across Arizona, accelerating documentation delivery to keep local projects moving forward without delay. Phoenix, AZ, June 06-2026, ZEX PR WIRE — Business Insurance-AZ has achieved record-breaking processing speeds and response times for commercial construction bids throughout Arizona, directly supporting the state’s massive infrastructure and advanced manufacturing boom