Healthcare Cyber Brief | February 2025 UK Edition

Ransomware, NHS system outages, and escalating attack tactics are putting UK hospitals and private healthcare providers at greater risk than ever.?

• HCRG Care Group Hit by Hackers – 2.2TB of Patient Data Stolen?

• Cyberattack Delays Cancer Treatments at Wirral University Teaching Hospital?

• UK Introduces Cyber Attack Severity Rating System for Critical Sectors?

• Medusa Ransomware Expands UK Healthcare Attacks?

?? Here’s what UK healthcare CISOs need to know—and how to prepare.?

This Month in UK Healthcare Cybersecurity

?? UK Private Healthcare Provider HCRG Care Group Hit by Hackers?

HCRG Care Group, a private healthcare group that will soon take charge of Swindon community care services, has suffered a cyberattack, with hackers claiming to have stolen over 2.2TB of patient records, financial data, and staff details. Hackers are demanding a ￡1.6 million ($2 million) ransom in exchange for not leaking the stolen data.?

Why This Matters:?

• Regulatory Fallout: The ICO/NCSC will likely investigate, increasing scrutiny on how NHS suppliers handle cybersecurity.?
• Ransomware Surge: UK healthcare is being specifically targeted by ransomware groups, putting patient data at ongoing risk.?

• Third-Party Risks: NHS hospitals rely on private providers—but do they assess their affiliated providers’ security practices??

?? CISO Takeaway: Private healthcare providers handling NHS patient data must be held to the same cybersecurity standards as NHS Trusts. Weak security controls in affiliated providers create a blind spot for cyber threats.?

?? Read More: HCRG Cyberattack

?? Cyber Attack Delays Cancer Treatments at NHS Hospital?

Wirral University Teaching Hospital NHS Trust faced a major cyberattack in late 2024, forcing staff to cancel outpatient appointments, shift to manual processes, and delay cancer treatments. With over 100 patients per week missing the 62-day cancer treatment standard, the attack has had direct patient safety consequences.?

Why This Matters:?

• Beyond IT Disruptions: Cyber incidents are now patient care incidents—NHS cybersecurity failures can cost lives.?

• Ransomware Targeting Critical Services: Many NHS hospitals still rely on outdated systems that attackers exploit. ?

• Operational Disruptions: The shift to manual processes strains staff and slows treatment. ?

?? CISO Takeaway: Legacy system risk assessments and Zero Trust segmentation should be priorities to minimise disruptions in patient care.? ?

?? Read More: Wirral University Teaching Hospital?

?? UK Introduces Cyber Attack Severity Rating System?

The UK government has proposed the Cyber Monitoring Centre (CMC), a new severity rating system to classify cyberattacks. This initiative aims to categorize cyber incidents on a scale from one (least severe) to five (most severe), helping businesses—including healthcare organisations—respond more effectively.?

Why This Matters:?

• Better Incident Response: Hospitals can now prioritise cyber events based on severity, improving NHS resilience.?

• National Cybersecurity Strategy: Aligns NHS response protocols with the UK’s evolving security framework.?

• Mandatory Compliance Implications: The rating system could shape future NHS cybersecurity compliance rules.?

?? CISO Takeaway: NHS Trusts should prepare for potential integration of this rating system into future CAF/DSPT compliance standards.?

?? Read More: Cyber Attack Severity Rating System?

Expert Insights: What Healthcare CISOs Should Know?

Emerging Threat: Medusa Ransomware Targets UK Healthcare ?

The Medusa ransomware group is claiming responsibility for the HCRG Care Group attack, highlighting aggressive double-extortion tactics where data is encrypted and leaked for ransom leverage.?

CISO Action Plan:?

• Adopt a Zero Trust Model: Assume breach; restrict access & enforce least privilege.?

• Strengthen Endpoint Security: Deploy AI-driven threat detection for IoC (Indicators of Compromise) to catch ransomware before it spreads.?

• Ensure Resilient Backup & Recovery: Use immutable backups and test rapid recovery processes.?

?? Learn More About: Medusa Ransomware?

Ask the Expert: Q&A with Cylera’s Security Team?

February Edition: Insights from Samantha Staynings , Global Marketing Manager

Q: “How can NHS hospitals detect and stop ransomware before it disrupts patient care?”?

A: “Ransomware attacks like Medusa and NailaoLocker are becoming more sophisticated, often bypassing traditional defences and directly impacting healthcare services. To stop these threats before they spread, NHS Trusts should focus on: ?

• Proactive Threat Detection – Deploy AI-driven threat detection to identify unusual behavior before encryption begins.?

• Automated Network Segmentation – Isolate infected systems in real-time to prevent lateral movement across hospital networks.?

• Security Drills & Response Planning – Simulate ransomware scenarios to test NHS Trust incident response capabilities.?

Real-time detection, automated response, and proactive security testing are the most effective ways to stop ransomware before it impacts patient care.”?

Resource Vault: Must-Read Cybersecurity Insights?

?? Potential Ban: Should UK Public Bodies Be Banned from Paying Ransomware??

?? Real-Time Threat Detection: First Line of Defense Against Exploits?

?? Implementing Zero Trust in Healthcare: A Comprehensive Guide for IT Teams?

?? Cybersecurity Compliance: CAF vs. DSPT – Breaking Down UK Security Frameworks?

?? On-Demand: Expert Insights for Reducing Medical Device Cyber Risks in 2025?

?? Want deeper insights? Stay Ahead of Cyber Threats in Healthcare. Subscribe now for exclusive updates, expert insights, and compliance strategies—delivered monthly.?