Brazil's Ministry of Health has suffered a second cyberattack in less than a week, which has compromised various internal systems, including the platform that holds COVID-19 vaccination data.
The news emerged after a first major ransomware attack three days earlier, from which the department was still recovering. Confirming the second attack on Monday (13) evening, health minister Marcelo Queiroga said the latest event, which took place in the early hours of that same day, was smaller than the first attack.
According to Queiroga, the department is working to recover the systems as soon as possible. However, he said the second attack means ConecteSUS, the platform that issues COVID-19 vaccine certificates, would not be back online today (14) as originally planned.
Queiroga noted the attack had been unsuccessful and that no data had been compromised, but this second event "caused turmoil" and "got in the way" of bringing systems back online. The minister did not provide an estimate of when the impacted systems would be reestablished.
The ministerial confirmation of the second cyberattack was preceded by a statement released by the Ministry of Health saying that Datasus, the department's IT function, carried out a preventive systems maintenance exercise on Monday, meaning systems would be temporarily unavailable.
The second attack meant civil servants had to be sent home on Monday since it was not possible to access the health ministry's core systems, such as the platforms that generate reports relating to.
Also, last night, the Institutional Security Office (GSI) of the Brazilian government released a statement that confirmed new attacks against cloud-based systems run by government bodies had taken place. However, it did not specify which departments or services had been targeted. It added teams are being instructed to preserve evidence and that best practices around incident management are being followed.
In the first cyberattack, which became known on Friday (10), all websites under the Ministry of Health became unavailable. According to a message left by the Lapsus$ Group, which has claimed responsibility for the attack, some 50TB worth of data has been extracted from the MoH's systems and subsequently deleted. Queiroga later said the department holds a backup for the supposedly accessed data in the cyberattack.
According to the Federal Police, which is investigating the case, data on COVID-19 case notifications, as well as the broader national vaccination program, was compromised in the first attack, in addition to ConecteSUS.
The National Data Protection Authority (ANPD) is also working on the case and has contacted the Institutional Security Office and the Federal Police to collaborate with the investigations. It also notified the Ministry of Health to provide clarifications on the case, as per Brazil's general data protection rules.