[BreachExchange] Brazilian Ministry of Health suffers cyberattack and COVID-19 vaccination data vanishes

[Terrell Byrd]

https://www.zdnet.com/article/brazilian-ministry-of-health-suffers-cyberattack-and-covid-19-vaccination-data-vanishes/

Websites under Brazil's Ministry of Health (MoH) have suffered a major
ransomware attack that resulted in the unavailability of COVID-19
vaccination data of millions of citizens.

Following that attack that took place at around 1 am today, all of MoH's
websites including ConecteSUS, which tracks the trajectory of citizens in
the public healthcare system, became unavailable. This includes the
COVID-19 digital vaccination certificate, which is available via the
ConecteSUS app.

According to a message left by the Lapsus$ Group, which has claimed
responsibility for the attack, some 50 TB worth of data has been extracted
from the MoH's systems and subsequently deleted. "Contact us if you want
the data returned", the message said, alongside contact details for the
authors of the attack.

Just before 7 am, the images with the message left by the hackers were
removed, but the websites remained unavailable.

Contacted by ZDNet about the measures in place to mitigate the attack and
reestablish the systems, and whether there are backups for the data
allegedly stolen from its systems, the Ministry of Health has not returned
requests for comment at the time of writing.

The incident follows a previous attack on the Brazilian Health Regulatory
Agency (Anvisa) in September. The attack was focused on the healthcare
declaration for travelers, compulsory for individuals entering Brazil via
airports.

The attack took place soon after the cancellation of the World Cup
qualifier match between Brazil and Argentina, whereby Anvisa interrupted
the game after four Argentinian players were accused of breaking COVID-19
travel protocols.

Similarly, the latest issue faced by the Ministry of Health occurs amid
increasing pressure on the Brazilian government to demand COVID-19
vaccination certificates from international travelers coming to Brazil, as
a response to the rise of the omicron variant.

This is not the first major security issue faced by Brazil's Ministry of
Health over the last few months. In November 2020, personal and health
information of more than 16 million Brazilian COVID-19 patients were leaked
online after a hospital employee uploaded a spreadsheet with usernames,
passwords, and access keys to sensitive government systems on GitHub.

Less than a week later, another major security incident emerged. The
personal information of more than 243 million Brazilians, including alive
and deceased, was exposed online after web developers left the password for
a crucial government database inside the source code of an official MoH
website for at least six months.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211210/9e1a1372/attachment.html>