NRS Healthcare confirms ransomware attack as RansomHub posts demands on its leak site
Ransomware group RansomHub has confirmed that it has added independent living aids manufacturer NRS Healthcare to its data leak site.
NRS Healthcare specialises in healthcare equipment manufacturing and services and provides equipment to over 250,000 homes each year. It also provides and repairs wheelchairs for the NHS.
Maidstone-based software firm Comparitech contacted NRS Healthcare about the claims after it received confirmation that the cyber attack that has been disrupting the Leicester-based healthcare company since the start of April was a ransomware attack.
RansomHub alleges to be in possession of 578 GB of data, including over 600,000 downloaded private company documents, including financial reports, contracts, and accounting documents. The likelihood of some personal data being among this remains high, particularly for employees.
A spokesperson for NRS Healthcare made the following statement: “At this stage, it is understood that the affected data relates only to an internal part of the company’s network and is not from core customer systems; however, the possibility cannot be ruled out that elements of data including information related to customers could have been copied to the internal part of the network.”
As NRS Healthcare continues its investigations into the data stolen by RansomHub, it is recommended that both customers and employees are on high alert for phishing emails, texts, and phone calls. They should also monitor bank accounts and credit reports for any unusual activity.
RansomHub is a new ransomware group thought to have ties with Russia. It posted its first victim in February 2024 and since then Comparitech have confirmed that 48 attacks have been tracked via this group.
This attack on NRS Healthcare joins two other confirmed incidents on businesses operating in the healthcare sector in the UK so far this year. The Richmond Fellowship Scotland was hit by Medusa in January 2024 when the group demanded a US$300,000 ransom. And INC carried out the highly-disruptive attack on NHS Dumfries and Galloway which crippled key systems but also saw sensitive patient data being leaked online.
NRS Healthcare hasn’t confirmed what ransom was demanded, or whether one was paid – RansomHub’s post would suggest it hasn’t, however, according to Comparitech – or how the threat actors were able to infiltrate its systems.