Cybercrime Group DragonForce Targets UK Healthcare Staffing Provider Team Locum with Ransomware Attack

Incident Date:

April 21, 2024

World map



Cybercrime Group DragonForce Targets UK Healthcare Staffing Provider Team Locum with Ransomware Attack


Team Locum




Birmingham, United Kingdom

, United Kingdom

First Reported

April 21, 2024

Ransomware Attack on Team Locum by DragonForce

Overview of the Attack

Team Locum, a UK-based healthcare staffing service provider, has been targeted in a ransomware attack by the cybercrime group DragonForce. The attack, which compromised the company's operational integrity, involved the theft of approximately 19.53 GB of data from their systems.

Company Profile

Founded in April 2001, Team Locum Limited is a private limited company based in Birmingham, UK. It specializes in providing staffing services to pharmacies, optical stores, and healthcare providers. Despite being a small-sized entity, Team Locum has shown significant growth with a 3-year compound annual growth rate (CAGR) of 64%, substantially higher than the industry average of 3.8%. The company employs around 90 people and generates an estimated annual revenue of £3.6 million.

Analyzing Vulnerabilities

The rapid growth and significant data handling inherent in staffing services may have made Team Locum a target for ransomware attacks. The healthcare sector, in general, is known for its criticality and sensitivity of data, which heightens the potential impact and leverage for cybercriminals. Moreover, small to medium-sized enterprises like Team Locum often face challenges in implementing advanced cybersecurity measures due to resource constraints, potentially leaving gaps that can be exploited by threat actors.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.