NHS private service provider investigating cyber attack

NHS private service provider, the HCRG Care Group, has confirmed that it is investigating a suspected ransomware attack. 

The group, previously known as Virgin Care, runs child and family health and social services for the NHS and local authorities.

HCRG Care Group said in a statement that it is looking into claims made by a cyber crime group that it has breached sensitive information.

A spokesperson for HCRG group said: “We can confirm that we are currently investigating an IT security incident and have recently identified a post on the dark web by a group claiming responsibility.

“Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident.

“Our services are continuing to operate and safely see patients, and those with appointments or who need to access our services should continue to do so.”

They added that the Information Commissioner and regulators had been informed about the suspected attack.

Bath and North East Somerset and Wiltshire SW Integrated Care Board (BSW ICB) announced in October 2024 that it had awarded a £1.3bn contract to HCRG to provide all adult community health services across the region.

It said the the HCRG Care Group had been appointed to “lead an innovative new community-based care partnership with the NHS, local authorities and charities that will transform the care and support that people get to help them with their health and wellbeing at every stage of their lives.”

HCRG Care Group operated its first NHS service in the area in 2006, and has since delivered more than 200 community services, while employing more than 1,300 NHS staff.

Digital Health News contacted BSW Integrated Care Board for comment.