Brazil's Ministry of Health Attacked by Hackers, Data Wiped
Brazil's Ministry of Health suffered what appears to be a ransomware attack that led to a data disaster. In the aftermath of the cyberattack, the data concerning the vaccination status of millions of people is unavailable.
Ransomware strikes again
According to reports, the attack was carried out in the small hours of December 10. Following the successful attack, every website belonging to the Brazilian Ministry of Health went offline. This includes the website containing the vaccination data and digital vaccine certificates of citizens, affecting millions of records.
The threat actor going by the name of Lapsus$ group has assumed responsibility for the ransomware attack. The hacker group also boasted that a staggering 50 terabytes of data were exfiltrated from the health ministry's servers, then wiped clean from their original location. The threat actors even placed their boast and their contact information as an image on the compromised websites. The image was taken down shortly afterward, though the sites are still unreachable.
The Brazilian authorities have not yet responded after being contacted by reporters with tech and security outlet ZDNet. There is no clear indication of the type of ransom demand made, as the hackers seem to expect to negotiate this with the country's health authorities if contact is made.
Past attacks on Brazil’s health IT systems
The timing of this cyber attack is not doing the South American country any favors either. This is the second attack on Brazilian healthcare infrastructure in the second half of 2021 alone, with the previous attack taking place in September. Going back a bit further in time, ZDNet also reminded everyone of the late 2020 data leak that exposed both personally identifiable and health information belonging to around 16 million Brazilian citizens.
This was followed by another huge blunder in the country's healthcare IT systems. The data of nearly a quarter-billion Brazilians was left unsecured and exposed for half a year after web developers somehow left the password strings for a government website embedded in the source code of a page.