Web sites underneath Brazil’s Ministry of Well being (MoH) have suffered a significant ransomware assault that resulted within the unavailability of COVID-19 vaccination knowledge of tens of millions of residents.
Following that assault that befell at round 1am at the moment (10), all of MoH’s web sites together with ConecteSUS, which tracks the trajectory of residents within the public healthcare system, grew to become unavailable. This consists of the COVID-19 digital vaccination certificates, which is on the market through the ConecteSUS app.
In line with a message left by the Lapsus$ Group, which has claimed duty for the assault, some 50TB value of information has been extracted from the MoH’s methods and subsequently deleted. “Contact us if you need the information returned”, the message mentioned, alongside contact particulars for the authors of the assault.
Simply earlier than 7am, the pictures with the message left by the hackers have been eliminated, however the web sites remained unavailable.
Contacted by ZDNet concerning the measures in place to mitigate the assault and restablish the methods, and whether or not there are backups for the information allegedly stolen from its methods, the Ministry of Well being had not returned requests for remark on the time of writing.
The incident follows a earlier assault on the Brazilian Well being Regulatory Company (Anvisa) in September. The assault was targeted on the healthcare declaration for vacationers, obligatory for people coming into Brazil through airports.
The assault befell quickly after the cancellation of World Cup qualifier match between Brazil and Argentina, whereby Anvisa interrupted the sport after 4 Argentinian gamers have been accused of breaking COVID-19 journey protocols.
Equally, the most recent problem confronted by the Ministry of Well being happens amid growing stress on the Brazilian authorities to demand COVID-19 vaccination certificates from worldwide vacationers coming to Brazil, as a response to the rise of the omicron variant.
This isn’t the primary main safety problem confronted by Brazil’s Ministry of Well being over the previous couple of months. In November 2020, private and well being info of greater than 16 million Brazilian COVID-19 sufferers have been leaked on-line after a hospital worker uploaded a spreadsheet with usernames, passwords, and entry keys to delicate authorities methods on GitHub.
Lower than every week later, one other main safety incident emerged. The non-public info of greater than 243 million Brazilians, together with alive and deceased, was uncovered on-line after internet builders left the password for an important authorities database contained in the supply code of an official MoH web site for a minimum of six months.