Brazil's Ministry of Health has been subjected to a second cyberattack in less than a week, compromising a number of internal systems, including the platform that stores COVID-19 vaccination data. The announcement came three days after the department had suffered its first big ransomware attack, from which it was still recuperating. On Monday evening, health minister Marcelo Queiroga confirmed the second attack, saying the latest incident, which occurred in the early hours of the same day, was smaller than the first.
The initial cyberattack, which was discovered on Friday, rendered all Ministry of Health websites inaccessible. According to a message left by the Lapsus$ Group, which has claimed responsibility for the attack, 50TB of data was extracted and then erased from the MoH's systems. Queiroga later stated that the department has a backup of the data that was allegedly obtained during the cyberattack.
According to the Federal Police, which is investigating the issue, the first attack exposed data on COVID-19 case notifications as well as the broader national vaccination programme, in addition to ConecteSUS.
According to Queiroga, the department is currently attempting to restore the systems as soon as possible. However, he stated that the second attack meant that ConecteSUS, the platform that issues COVID-19 vaccination certificates, will not be accessible as scheduled. Queiroga stated that while the attempt was unsuccessful and no data was lost, the second incident "caused turmoil" and "got in the way" of restoring systems. The minister did not say when the impacted systems would be operational again.
The governmental confirmation of the second cyberattack was followed by a statement issued by the Ministry of Health stating that Datasus, the department's IT function, performed a preventive systems maintenance exercise on Monday, resulting in systems being temporarily unavailable. Because of the second attack, civil servants were sent home on Monday because it was impossible to access the health ministry's core systems, such as the platforms that create COVID-19 pandemic reports.
The Brazilian government's Institutional Security Office (GSI) issued a statement confirming new attacks on cloud-based systems managed by government agencies had taken place. It did not, however, disclose which departments or services were targeted. It went on to say that teams are being instructed to keep evidence and that best practices for incident management are being followed.
An attack on the Brazilian Health Regulatory Agency (Anvisa) occurred in September; the hack targeted the healthcare declaration for travelers, which is required for visitors entering Brazil through airports. The attack occurred shortly after the cancellation of a World Cup qualification match between Brazil and Argentina, which Anvisa called off after four Argentine players were accused of violating COVID-19 travel guidelines.
