Last week, a vicious ransomware attack aimed at several websites of the Brazilian Ministry of Health (MoH) deleted COVID-19 vaccination data of millions of citizens.
The attack took place on Friday, Dec. 10, at around 1 AM, reportedly compromised some of the ministry’s systems, leaving them temporarily unavailable.
Some of the most notable assets affected by the attack included a system that keeps track of Brazil’s national immunization program and one that issues digital vaccination certificates.
The Lapsus$ Group left a message on the main page of the website, claiming responsibility for the attack. They also said they managed to extract and delete approximately 50 TBs worth of data from the compromised websites.
The group’s message also included an email address and Telegram contact information, where the attackers asked to be contacted to discuss the terms of returning the data.
Although the ransom message was removed by Friday afternoon, the website was still down. Additionally, user data such as vaccination certificates from ConecteSUS, one of the afflicted services, have been apparently wiped.
Brazil’s Health Minister Marcelo Queiroga said the data that’s been allegedly copied and subsequently deleted from the afflicted websites was backed up by his department prior to the attack and that the ministry is working on restoring the systems.
The National Data Protection Authority (ANPD) has asked the ministry for clarifications on the case, and it will contact the Federal Police and Institutional Security Office for cooperation on investigating the attack further.
ConecteSUS, one of the services compromised by the cyberattack, is a digital gateway that helps Brazilian citizens access their medical history.
This website, also available as a mobile app, lets citizens access personal medical files such as hospitalizations, dispensed medication, vaccination sheets, COVID-19 lab tests, as well as the COVID-19 National Vaccination Certificate, and a Digital Vaccination Card.