SafePay Targets Private Healthcare Sector in Spain with New Ransomware Attack

Last updated: May 11, 2026
  • Cybercriminal group SafePay adds Serveis Mèdics Penedès to its dark web leak portal.

  • The healthcare provider has two days to pay or risk stolen data going public.

  • Experts still don’t know if patient medical records are part of the breach.

Time is running short for Serveis Mèdics Penedès, a Catalonian private health network. A ransomware group has stolen its data and given it two days to pay, or the group will release the information on the Internet.

Now this organization is under stress like no other organization has ever experienced.

Healthcare Provider Under Siege

The SafePay group just added Serveis Mèdics Penedès to its leak portal on the dark web. This criminal organization demands a ransom payment. If the company refuses, SafePay threatens to make all the stolen information public.

Serveis Mèdics Penedès runs medical facilities in many cities, including Vilanova i la Geltrú, Vilafranca del Penedès, Sant Sadurní d’Anoia, and El Vendrell. The fact that SafePay listed them confirms one thing. They successfully infiltrated the company’s internal systems.

Payment Deadline

According to the hackers, the company has 48 hours to make a payment. After that time runs out, they’ll release everything. This is a classic double extortion move. SafePay uses this tactic all the time.

Right now, no one knows the exact volume of stolen data. We also don’t know if patients’ medical records are part of the haul. That uncertainty is the scariest part. The lack of clarity makes the real scope of this breach a big question mark.

The Escudo Digital group already reached out to the company’s management. They want to confirm if the incident is real. Cybersecurity experts are now investigating. They are trying to figure out what technical measures the company took. Did they act fast enough to protect their servers? The attackers say the deadline ends in 48 hours from their announcement.

A Pattern of Rapid-Fire Attacks on Healthcare

SafePay first came into the limelight roughly two years ago, owing to its speed. It takes the group less than a day to lock up a system after initial entry. That fast pace makes it very difficult for IT teams to respond in time.

The group loves targeting strategic sectors. Think manufacturing, education, technology, and business services. But healthcare is a top priority. Why? Because medical data is so critical. This kind of situation puts hospitals and clinics under serious pressure, which often pushes them to pay quickly to avoid further damage.

Healthcare data breaches don’t just threaten hospitals; they put millions of patients at risk. The Conduent breach alone exposed 25 million Americans’ personal information, including sensitive medical data, showing how far the ripple effects of these attacks can reach.

This isn’t SafePay’s first big hit. They previously attacked the company Ingram Micro. That attack, which impacted 42,000 individuals, is a prime example of how severe this criminal organization’s attacks are. They are very good at infiltrating large databases of individuals’ and businesses’ personal information without breaking a sweat.

The group has already left a trail of victims across Spain. The list reads like a who’s who of the Spanish business world. It includes the Chamber of Commerce of Valencia. Also on the list: Grupo Azpiara, Avance Agrícola SL, Solge, and a metallurgical company called Estrumar.

Each one suffered similar intrusions. Now, Serveis Mèdics Penedès joins that unfortunate list. This attack expands SafePay’s reach into Catalan private healthcare. And the clock is still ticking.

About the Author

Memchick E

Digital Privacy Journalist

Memchick is a digital privacy journalist who investigates how technology and policy impact personal freedom. Her work explores surveillance capitalism, encryption laws, and the real-world consequences of data leaks. She is driven by a mission to demystify digital rights and empower readers with the knowledge to protect their anonymity online.
