Brazil’s Ministry of Health has been subjected to a second hack in less than a week, compromising a number of internal systems, including the platform that stores COVID-19 vaccination data.
The announcement came three days after the department had suffered its first big ransomware assault, from which it was still recuperating. On Monday (13) evening, health minister Marcelo Queiroga confirmed the second attack, saying the new incident, which occurred in the early hours of the same day, was smaller than the first.
The agency is striving to restore the systems as soon as feasible, according to Queiroga. However, he stated that the second attack meant that ConecteSUS, the platform that gives COVID-19 vaccination certificates, would not be available today (14) as anticipated.
Queiroga stated that while the attempt was unsuccessful and no data was lost, the second occurrence “created turbulence” and “got in the way” of restoring systems. The government did not say when the affected systems will be operational again.
The governmental confirmation of the 2nd hack was followed by a statement issued by the Ministry of Health stating that Datasus, the department’s IT function, performed a preventative systems maintenance action on Monday, resulting in systems being momentarily unavailable.
Because of the second attack, public officials were sent home on Monday because it was unable to access the healthcare ministry’s critical systems, such as the portals that create COVID-19 pandemic alerts.
Also last night, the Brazilian government’s Institutional Security Office (GSI) issued a statement confirming additional assaults on cloud-based systems managed by government agencies. It did not, however, disclose which departments or services were targeted. It went on to say that teams are being advised to keep evidence and that best practices for incident management are being adopted.
The initial hack, which was discovered on Friday (10), rendered all Ministry of Health websites inaccessible. According to a note left by the Lapsus$ Group, which has claimed responsibility for the assault, 50TB of data was taken and then erased from the MoH’s computers. Queiroga later stated that the department had a backup of the data that was allegedly obtained during the incident.
As per the Federal Police, which is examining the issue, the initial attack exposed data on COVID-19 case notifications as well as the larger national vaccination program, in addition to ConecteSUS.
The National Data Protection Authority (ANPD) is also investigating the situation and has reached out to the Institutional Security Office and the Federal Police to assist in the investigations. According to Brazil’s general data protection standards, it also alerted the Ministry of Health to give an explanation on the matter.