Private NHS provider hit by cyber attack

A major private provider of NHS services has been hit by a cyber attack, taking down its network and potentially breaching patient data.

HCRG Care Group, which was formerly Virgin Care, confirmed it was looking into claims made by a ransomware group that more than two terabytes of sensitive information had been breached.

HCRG provides community services for the NHS in Kent, Surrey and Bath, North East Somerset, Swindon and Wiltshire.

An HCRG spokesperson said: “We can confirm that we are currently investigating an IT security incident and have recently identified a post on the dark web by a group claiming responsibility. Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident.

”We have informed the [Information Commissioner] and regulators and are keeping them updated on our investigation. Our services are continuing to operate and safely see patients, and those with appointments or who need to access our services should continue to do so.”

Read full story (paywalled)

Source: HSJ, 20 February 2025