Brazilian Ministry of Health recovers systems over a month after cyberattack

Attackers had access credentials, according to the department; minister rules out internal sabotage
Written by Angelica Mari, Contributing Writer

After a major cyberattack brought key systems of Brazil's Ministry of Health (MoH) to a halt, the department has reported all its platforms are back online.

According to a statement released by the MoH on Friday (14), most systems have been reestablished following a cyberattack in early December 2021, including ConecteSUS, which holds COVID-19 vaccination data. However, some systems still need to be recovered, and the deadline for completing the work is this coming Friday (21).

As a result of the cyberattack, crucial data on the pandemic, including cases, deaths and vaccination data, was unavailable for nearly a month. This meant that, for example, institutions that rely on government data on COVID-19 to monitor local developments around the virus had been unable to access the information they need since early December 2021. Hospital managers also reported challenges caused by the lack of access to data in areas such as planning for new beds, purchasing medicines and hiring professionals.

However, Rodrigo Cruz, executive secretary at the MoH, insisted there was no loss of information or a healthcare data blackout. "The Ministry continued to receive and disseminate data [since the cyberattack], especially the data relating to the [COVID-19] pandemic. This information was and continues to be easily accessible on our website through our newsletters and epidemiological bulletins," he said.

The attackers used legitimate credentials to access the national healthcare data network. Cruz noted that this cloud-based database feeds systems, including those relating to pandemic management, and that the use of valid credentials meant there was no need for any sophisticated cyberattack techniques. Responsibility for the attack was claimed by the Lapsus$ Group, which said 50TB worth of data had been extracted from the MoH's systems and subsequently deleted.

The MoH secretary confirmed the attackers were able to access other MoH systems and deleted COVID-19 data, as well as systems. "These are not off-the-shelf systems that can be erased and reinstalled with a CD or a USB stick. When the system is deleted, it has to be rebuilt since it is customized and built specifically for the Ministry of Health," he noted.

Cruz added that the first challenge was to ensure that no data had been compromised, and then to rebuild the systems so that the MoH could receive the data produced by cities and states. He pointed out that all systems have had their data capture processes established.

According to the Brazilian Ministry of Health, all the department's access credentials have been updated, and access control processes have been improved. In addition, the cyber risks and vulnerabilities of the main MoH systems have been assessed. A data protection committee has also been created as part of the department's action plan to deal with the fallout of the cyberattack.

Questioned about the possible involvement of civil service staff in the incident, Brazilian health minister Marcelo Queiroga said, "If there was any sabotage, it was not on the ministry's part". He added that criminals orchestrated the attack and that the Federal Police are investigating it.
