Industry - Data Breach
Executive Summary
HCRG Care Group, a major private provider of NHS services in Kent and Surrey, is investigating a ransomware attack in which hackers claim to have breached more than two terabytes of sensitive patient information. The company implemented containment measures after staff reported IT issues and difficulties accessing patient data, and has notified the Information Commissioner and regulators. Services continue to operate, though some patient appointments were rescheduled due to the incident.
What Happened
HCRG Care Group, a private provider of NHS community services in Kent and Surrey, experienced a ransomware attack in which cybercriminals claim to have stolen over two terabytes of sensitive patient information. Staff first reported IT issues and difficulty accessing patient data on Thursday, February 13, 2025, prompting the organization to implement immediate containment measures. The company has engaged external forensic specialists to investigate after discovering a claim of responsibility posted on the dark web, and has notified the Information Commissioner's Office and relevant healthcare regulators.
Who Is Affected
Patients receiving NHS community services through HCRG Care Group in Kent and Surrey are potentially affected, as the breach reportedly involves sensitive patient information. Some patients had appointments rescheduled during the initial response period last week. The full scope of affected individuals has not yet been determined as the forensic investigation is ongoing.
Why It Matters
This incident highlights ongoing vulnerabilities in healthcare systems that handle NHS patient data through private contractors, where ransomware attacks can simultaneously disrupt care delivery and compromise highly sensitive medical information. The scale of the claimed breach - over two terabytes of data - suggests potentially hundreds of thousands of patient records may be involved. Healthcare data is particularly valuable to criminals and sensitive to patients, as it contains detailed medical histories, personal identifiers, and treatment information that cannot be changed like financial credentials.
What You Should Do
If you are a patient of HCRG Care Group services in Kent or Surrey, monitor communications from the organization for specific guidance about whether your data was compromised. Be alert for phishing attempts or scam communications that may reference your medical information, and report suspicious contacts to Action Fraud. Register for NHS login if you haven't already, enabling you to monitor your medical records for unauthorized access. Consider placing fraud alerts with credit reference agencies, as medical data breaches often precede identity theft attempts.
Summary generated from verified sources and reviewed before publication. How we summarize.