The cybercrime group SafePay has included the healthcare company Serveis Mèdics Penedès in its leak portal within the dark web. The criminal organization demands the payment of an economic ransom under the threat of making the stolen data public.
The private entity, founded in 1993 by doctor Josep Panyella in Vilafranca del Penedès, manages a network of medical centers distributed in key locations in the territory. Its facilities operate in Vilafranca del Penedès, Vilanova i la Geltrú, El Vendrell and Sant Sadurní d'Anoia. The inclusion in the list of victims confirms that the attackers have managed to access the company's internal systems.
SafePay sets a 48-hour ultimatum
The perpetrators of the attack have set a non-extendable deadline of two days for the company's management to satisfy the economic demand. After this time has elapsed, the cybercriminals would proceed with the mass dissemination of the compromised information. This tactic is part of the double extortion model that characterizes this specific group.
The exact volume of data exfiltrated during the intrusion is currently unknown. It has not been confirmed whether patient medical records are part of the stolen material. The opacity regarding the nature of the stolen files generates uncertainty about the real scope of the security breach.
The Escudo Digital group has contacted the management of Serveis Mèdics Penedès to verify the veracity of the incident. Cybersecurity experts are seeking to confirm the technical measures the company has adopted to contain the threat and protect the integrity of its servers.
The rescue deadline expires in 48 hours as announced by the attackers on their digital platform.
A pattern of rapid attacks on the health sector
SafePay was first detected in late 2024 and has developed an aggressive methodology based on speed. The time elapsed between initial access to the corporate network and the encryption of systems can be less than 24 hours. This speed makes it difficult for the immediate response of the IT defense teams of the affected organizations.
The collective directs its operations mainly against strategic sectors such as manufacturing, education, technology, and business services. The healthcare sector constitutes one of its priority objectives due to the criticality of the data these institutions handle. The pressure exerted on victims is usually maximum to force quick payment.
This is not the first high-profile incident attributed to this group. SafePay previously attacked the company Ingran Micro, an event that affected 42,000 people. The magnitude of that leak demonstrated the group's ability to compromise large personal and corporate databases.
In the Spanish context, the list of victims includes relevant names from the business fabric. The Chamber of Commerce of Valencia, Avance Agrícola SL, Solge, Grupo Azpiara, and the metallurgical company Estrumar have suffered similar intrusions. The presence of Serveis Mèdics Penedès on this list expands the group's radius of action towards Catalan private healthcare.