A major UK healthcare provider, HCRG Care Group, has come under scrutiny after allegedly attempting to suppress reporting on its recent data breach. The company, which suffered a ransomware attack, reportedly demanded that a journalist take down coverage of the breach, citing a UK court order.
The attack, attributed to the Medusa ransomware group, led to the theft of over 2 terabytes of sensitive data, including patient records, employee details, and financial documents. Medusa demanded a $2 million ransom, threatening to release the stolen information if payment wasn’t made.
HCRG confirmed the cyberattack and claimed to be working with regulators and cybersecurity experts to mitigate the impact. However, its aggressive response toward journalists reporting on the incident has sparked backlash. The attempt to use legal threats to remove news coverage raises concerns about transparency, press freedom, and corporate accountability in handling cybersecurity crises.
As healthcare providers remain prime targets for cybercriminals, this case highlights the urgent need for stronger security measures and open communication with the public when breaches occur.
