Some of our customers have been affected by the data breach reported by the HCRG Care Group.  The group is currently investigating claims by a ransomware group that more than two terabytes of sensitive information has been breached.
The group, previously known as Virgin Care, runs child and family health and social services for the NHS and local authorities.  The group has informed the ICO about the suspected attack.  

HCRG may or may not have contacted you about the breach if you are one of their customers.  It is easy to assume the worst as they likely hold a lot of data.  If you have a contact at HCRG Care Group you could reach out and try and understand what has been the scope, nature and impact of the breach; although you may not receive a reply at this time as they work on understanding the extent of any breach.

At this time, no further information is available.

Best Practice

We would always advise reviewing Supplier Due Diligence Best Practice before working with any third party provider that you will share any personal data with. Part of the assessment of a third party supplier is understanding where and how they store data.

Further help and advice can be found in our Data Breach Best Practice Area or you can email us on This email address is being protected from spambots. You need JavaScript enabled to view it. 

Where possible, it is best to be transparent and share any updates with staff, customers or parents that might be affected.