Brazilian Ministry of Health suffers cyberattack and COVID-19 vaccination data vanishes

Hackers claimed to have copied and deleted 50TB worth of data from internal systems.

Websites under Brazil's Ministry of Health (MoH) have suffered a major ransomware attack that resulted in the unavailability of COVID-19 vaccination data of millions of citizens.

ZDNet Recommends

The best cybersecurity certifications

These certifications can help you enter an industry with a high demand for skilled staff.

Read More

Following that attack that took place at around 1 am today, all of MoH's websites, including ConecteSUS, which tracks the trajectory of citizens in the public healthcare system, became unavailable. This includes the COVID-19 digital vaccination certificate, which is available via the ConecteSUS app.

According to a message left by the Lapsus$ Group, which has claimed responsibility for the attack, some 50TB worth of data has been extracted from the MoH's systems and subsequently deleted. "Contact us if you want the data returned", the message said, alongside contact details for the authors of the attack. 

Just before 7 am, the images with the message left by the hackers were removed, but the websites remained unavailable.

Black image with text in white and red left by hackers in relating to the Brazilian Ministry of Health hack

The image left by the hackers claiming the Ministry of Health attack

Following the attack, Brazilian health minister Marcelo Queiroga said his department holds a backup of the data allegedly copied and erased from the national health service's databases. The National Data Protection Authority (ANPD) said it is following up on the case.

ANPD said the Ministry of Health was notified to provide clarifications on the case, as determined by the country's General Data Protection Regulations. It added Institutional Security Office and the Federal Police will be contacted to cooperate with the investigation and inspection of the attack.

In September, the incident follows a previous attack on the Brazilian Health Regulatory Agency (Anvisa). The attack was focused on the healthcare declaration for travelers, compulsory for individuals entering Brazil via airports.

The attack took place soon after the cancellation of the World Cup qualifier match between Brazil and Argentina, whereby Anvisa interrupted the game after four Argentinian players were accused of breaking COVID-19 travel protocols.

Similarly, the latest issue faced by the Ministry of Health occurs amid increasing pressure on the Brazilian government to demand COVID-19 vaccination certificates from international travelers coming to Brazil as a response to the rise of the omicron variant.

This is not the first major security issue faced by Brazil's Ministry of Health over the last few months. In November 2020, the personal and health information of more than 16 million Brazilian COVID-19 patients were leaked online after a hospital employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems on GitHub.

Less than a week later, another major security incident emerged. The personal information of more than 243 million Brazilians, including alive and deceased, was exposed online after web developers left the password for a crucial government database inside the source code of an official MoH website for at least six months.

Show Comments