Ransomware Group: SAFEPAY

VICTIM NAME: swfldermatology[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to Southwest Florida Dermatology, a healthcare provider located in the United States that specializes in dermatological treatments and cosmetic skin procedures. The attack was publicly disclosed on July 26, 2025, indicating a recent compromise. This medical practice offers services such as acne management, psoriasis treatment, eczema care, and skin cancer screening, alongside cosmetic options like Botox and laser treatments. The breach was detected through a cybersecurity group focused on safe payment methods, suggesting that sensitive patient data or internal information may have been accessed or compromised during the attack. The leak page includes a screenshot of internal documents, which might contain confidential information but no explicit data is shown here. The incident underscores the vulnerabilities within healthcare organizations hosting sensitive patient data and the importance of robust cybersecurity measures.

While specific details about data exfiltration are limited, the leak mentions the availability of data leaks and possible download links. The attack affects the medical practice’s digital infrastructure, potentially exposing patient records and other sensitive information stored on their network. The website’s domain indicates an active online presence, and the incident was discovered promptly, ensuring that the breach is publicly acknowledged. No personal identifiers or PII are publicly disclosed in the leak report, aligning with best practices to avoid exposing sensitive information. The incident highlights the ongoing threat targeting healthcare providers, emphasizing the need for enhanced cybersecurity protocols to protect patient privacy and organizational data integrity.