Brazil’s Ministry of Health became a target of a second cyberattack within a week. This cyberattack compromised several internal systems, including the station that holds vaccination data of individuals regarding COVID-19.
The news was confirmed by health minister Marcelo Queiroga on 13th December 2021, right after the first major ransomware attack just three days earlier. He further mentioned that the second cyberattack was smaller as compared to the first one.
— ZDNet (@ZDNet) December 14, 2021
While the department was working to recover the systems as soon as possible, ConecteSUS, the platform that issues vaccine certifications of COVID-19 to individuals, would not be back online on 14th December 2021, as originally planned.
Marcelo Queiroga also confirmed that the attack was unsuccessful and no data was compromised, but the second attack has disrupted the way of bringing the systems back online. Moreover, the ministry hasn’t offered an estimated time when the systems would be completely restored.
The news of the second attack was followed by an official statement of the Ministry of Health confirming that the Datasus – department responsible for IT function is carrying out a systems maintenance exercise on 13th December 2021, indicating that the systems would not be temporarily available.
Since accessing the health ministry’s core systems wasn’t possible, the civil servants were all sent home on Monday.
Also, last night, cloud-based systems operated by government bodies also faced new attacks, according to the Institutional Security Office (GSI) of the Brazilian government.
While the confirmation didn’t include the names of the targeted departments or services, they confirmed that the instructions to preserve the evidence were issued.
The first cyberattack on 10th December 2021 left all of the Ministry of Health’s websites inaccessible. According to Lapsus$ Group, which has accepted the responsibility for this attack, around 50TB of data has been stolen from the Ministry of Health’s systems and later deleted.
According to the Federal Police, in addition to data related to Covid-19 vaccination certifications and ConecteSUS, the broader national vaccination program was also compromised in the first attack.
The National Data Protection Authority (ANPD) is also working on the incident and has contacted the Institutional Security Office and the Federal Police to cooperate with the investigations. It also notified the Ministry of Health about the case, as per Brazil’s general data protection rules.
This is highly concerning as these types of data breaches usually lead to ransomware attacks and data leaks on the dark web.
Cybercriminals have been using the concern about COVID-19 luring targets with phishing scams also since January 2020. Using concern over the latest COVID-19 Omicron variant, hackers have recently targeted American Universities as well, stealing credentials and accounts.