In less than a week, Brazil's Ministry of Health has been hit by a second cyberattack. The latest attack compromised the health ministry's internal systems, including its repository of COVID-19 vaccine information.
The first incident against Brazil's Ministry of Health was reported three days earlier, with ransomware as the attack vector. The health ministry was still recovering from that ransomware attack when the second one, confirmed on the evening of December 13, came in. Nonetheless, the ministry's spokesperson said that the second attack was smaller than the first one.
ConecteSUS, the platform the health ministry uses to issue people's COVID-19 vaccine cards, is one of the systems affected by the ransomware attack.
The platform would also be offline while the ministry recovers from the problem.
According to the spokesperson, the first cyberattack had been unsuccessful, and no confidential data was compromised. Nonetheless, the health ministry was affected more by the second attack and said it had caused turmoil, in addition to hindering its recovery from the first attack as it brought its systems back online.
Before announcing the second attack, the health ministry had released a statement saying that its IT department had carried out preventive maintenance that took its systems offline temporarily. As a result, officials working in the health ministry were sent home because they did not have access to the systems, including ConecteSUS, which generates the COVID-19 certificates.
In addition to this report, the Institutional Security Office (GSI) of Brazil published a statement confirming attacks against the cloud-based systems of several government institutions. GSI's statement did not mention specific departments or services, but it instructed those targeted to preserve evidence of the attacks and to apply incident measures.
The Brazilian Ministry of Health's websites all went offline after the first attack, which was allegedly carried out by a threat group called the Lapsus$ Ransomware Group. The threat group claimed responsibility for attacking the ministry and said it had exfiltrated 50TB of data from the victim institution.
According to the police investigation, a massive amount of data was compromised in the first attack, including COVID-19 case notifications and Brazil's nationwide vaccine program records, in addition to the ConecteSUS platform.