Medusa Ransomware Gang's 2025 Attack on UK Healthcare Provider Revealed After Year-Long Delay

In February 2025, the Medusa ransomware gang claimed responsibility for a cyberattack on UK healthcare provider HCRG Care Group, which later confirmed a breach but provided no further details at the time. Over a year later, in June 2026, HCRG began notifying affected patients about the incident. During the period of silence, cybersecurity outlet SuspectFile obtained and reported on data leaked by Medusa, though the extent of the exposed information was not specified. The attack targeted a healthcare organization, but no technical details, such as specific vulnerabilities or the number of affected individuals, were disclosed in the report.