Here’s your weekly #databreach news roundup:
HCRG, Genea, DM Clinical Research, and Finastra.
HCRG
U.K. healthcare giant HCRG Care Group has confirmed it’s investigating a cybersecurity incident after a ransomware gang claimed to have breached the company’s systems to steal troves of sensitive data. #databreach https://t.co/Y9S8ZUVkQb
— DevaOnBreaches (@DevaOnBreaches) February 21, 2025
HCRG Care Group, a major healthcare provider in the U.K., is investigating a cybersecurity incident after the Medusa ransomware group claimed to have stolen over two terabytes of sensitive data, including personal, medical, financial, and government documents. The company, which provides various healthcare services, was listed on the dark web by Medusa, which is demanding a $2 million ransom to prevent the release of the stolen data. HCRG is working with forensic experts to investigate and has notified relevant authorities, but it has not confirmed how the breach occurred or how many people are affected. Services continue to operate normally for patients.
Genea
Australian IVF giant Genea has disclosed a cybersecurity incident that disrupted patient services and led to the access of potentially sensitive information.https://t.co/EjbiFRFodF
— DevaOnBreaches (@DevaOnBreaches) February 21, 2025
Genea, one of Australia’s largest IVF providers, has revealed a cybersecurity incident that disrupted its services and potentially exposed sensitive patient information. The company confirmed the attack after reporters inquired, stating that it is urgently investigating the breach. While Genea has not disclosed exactly what data was accessed, it confirmed that the hacker gained access to some of its systems. This incident led to outages with phone lines and the temporary shutdown of the MyGenea app. The company is working to minimize disruptions to patient treatment and will notify affected individuals if any personal data was compromised.
DM Clinical Research
A Dallas, Texas-based clinical research firm had its database exposed, containing sensitive personal healthcare records of over 1.6 million individuals – all without any security authentication.https://t.co/zMWgBF77qq
— DevaOnBreaches (@DevaOnBreaches) February 20, 2025
A Texas-based clinical research firm, DM Clinical Research, accidentally exposed a database online containing sensitive personal and healthcare data of over 1.6 million individuals. The database, which was not protected by encryption, passwords, or security authentication, included information like names, birthdates, contact details, vaccination statuses, and medical conditions. The company, which works with pharmaceutical and medical organizations, restricted access to the database after being notified by a cybersecurity expert, but it’s unclear how long it was exposed or if anyone else accessed it. This exposed data could lead to risks like identity theft, phishing attacks, or higher health insurance premiums.
Finastra
Financial technology giant Finastra is notifying victims of a #databreach after their personal information was stolen by unknown attackers who first breached its systems in October 2024. https://t.co/TkicZZfYJK
— DevaOnBreaches (@DevaOnBreaches) February 19, 2025
Finastra, a major financial technology company, is notifying victims of a data breach after attackers accessed its systems between October 31 and November 8, 2024. The breach involved unauthorized access to a Secure File Transfer Platform (SFTP), where certain files containing personal information were stolen. While the company believes the risk of misuse is low, it has offered affected individuals two years of free credit monitoring and identity restoration services. The breach may be connected to a post on a cybercrime forum where stolen data was being sold. Finastra has not disclosed the number of individuals affected or the full extent of the exposed data but has acknowledged vulnerabilities in its systems that may have allowed the breach.
