Second Cyberattack on The Brazilian Ministry of Health in Less Than a Week

Second Cyberattack on The Brazilian Ministry of Health in Less Than a Week

Brazil’s Ministry of Health has been hit by a cyberattack for the second time in less than a week, compromising several internal systems, including the platform that stores COVID-19 vaccination data.

The news came three days after the department had suffered its first significant ransomware attack, from which it was still recuperating. Health Minister Marcelo Queiroga confirmed the second attack on Monday (13) evening, saying the new incident, which took place on the same day’s morning, was smaller than the first.

As per Queiroga, the agency strives to restore the systems as quickly as possible. However, he did say that because of the second cyberattack, ConecteSUS, the platform that produces COVID-19 immunization certificates, won’t be backed up today (14) as anticipated.

The attack was unsuccessful, and no data was lost, according to Queiroga, but the second incident “created turbulence” and “got in the way” of getting systems back up. The minister did not give a time frame for when the impacted systems will be operational again.

Because the health ministry’s critical systems, such as the platforms that generate reports related to the COVID-19 pandemic, were unavailable following the second attack, civil officials were sent home on Monday.

In addition, the Brazilian government’s Institutional Security Office (GSI) published a statement last night confirming fresh attacks on cloud-based systems used by government agencies. It did not, however, say which departments or services were targeted. It further stated that teams are being advised to retain evidence and follow the best incident management techniques.

The initial hack, discovered on Friday, rendered all Ministry of Health websites inaccessible. According to a note left by the Lapsus$ Group, which has claimed responsibility for the attack, the MoH’s computers were hacked, and 50TB of data was taken and then erased. Later, Queiroga stated that the department had a backup of the material allegedly obtained during the incident.

In addition to ConecteSUS, data on COVID-19 case notifications and the larger national vaccination program were compromised in the initial attack, according to the Federal Police, which is investigating the issue.

The National Data Protection Authority (ANPD) is also investigating the situation and has reached out to the Institutional Security Office and Federal Police for assistance. According to Brazil’s general data protection standards, it also alerted the Ministry of Health to clarify the issue.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.