Ransomware victim disclosure
← All victimsConsorci Sanitari Integral
Claimed by Ransomexx · listed 2 years ago
Status timeline
- ListedApr 22, 2024
- Data leakeddate unknown
At a glance
- Group
- Ransomexx
- Status
- Data leaked
- Country
- Spain
- Sector
- Healthcare
- Listed on leak site
- Apr 22, 2024
- Data size
- 52.47 GB
About the victim
AI dossier — public-source company profileConsorci Sanitari Integral (CSI) is a major healthcare consortium serving the Barcelona and surrounding Catalonia region in Spain. It operates multiple hospitals, primary care centers (CAPs), and residential facilities across Barcelona and Baix Llobregat, providing comprehensive medical services including specialized residencies, research, and teaching programs.
- Industry
- Healthcare & Hospital Management
- Address
- Av. Josep Molins, 29-41, 08906 L'Hospitalet de Llobregat, Spain
Attack summary
Severity: critical — Large-scale exfiltration of healthcare data from a major hospital consortium exposes sensitive patient medical records and PII. Healthcare data is regulated (GDPR, LOPD in Spain) and highly sensitive. 52.47 GB suggests significant volume of clinical and patient information.Ransomexx claims to have exfiltrated 52.47 GB of data from CSI. The group has published the data, confirming data theft rather than encryption-only attack.
Data the group says was taken
AI dossier — extracted from the leak post- Clinical documentation
- Patient medical records
- Healthcare administration data
- Institutional records
What the group claims
Consorci Sanitari Integral (CSI) is a healthcare consortium based in Catalonia, Spain Leaked data size: 52.47GB.
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

