Ransomware victim disclosure
← All victimsHCRG Care Group
Claimed by Medusa · listed 1 year ago
Status timeline
- ListedFeb 20, 2025
- Data leakeddate unknown
At a glance
- Group
- Medusa
- Status
- Data leaked
- Country
- United Kingdom
- Sector
- Healthcare
- Listed on leak site
- Feb 20, 2025
- Data size
- 2.275 TB
- Records
- 5.000 employees
About the victim
AI dossier — public-source company profileHCRG Care Group is a United Kingdom-based healthcare provider operating physician clinics and specialty clinics. Founded in 2006 with approximately 5,000 employees and a corporate office in Runcorn, Cheshire.
- Industry
- Healthcare Services
- Address
- The Heath Business and Technical Park, Runcorn, Cheshire, WA7 4QX, United Kingdom
- Employees
- 5000
- Founded
- 2006
Attack summary
Severity: critical — Healthcare sector with confirmed exfiltration of 2.275 TB of data (likely including PII and protected health information); data published and downloadable by threat actor.Medusa claims to have exfiltrated 2.275 TB of data from HCRG Care Group. The group provides a direct download link to the stolen dataset, indicating confirmed data exfiltration rather than encryption-only attack.
Data the group says was taken
AI dossier — extracted from the leak post- patient records
- healthcare data
- business documents
What the group claims
HCRG Care Group (founded in 2006) is a healthcare company that provides healthcare services such as physician clinics and specialty clinics. HCRG Care corporate office is located in The Heath Business and Technical Park, Runcorn, Cheshire, WA7 4QX, United Kingdom and has 5,000 employees. The total amount of data leakage is 2.275 Tb Direct file tree download link due to big file size: https://www.sendspace.com/file/8i7cca
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

