Hackers Tried to Hold Brazil’s COVID-19 Vaccine Data to Ransom

Hackers calling themselves Lapsus $ Group claim to have stolen 50 TB of data, including COVID-19 vaccination certificates, from networks operated by Brazil’s Ministry of Health.

The attack was revealed on December 10 when the home page of the Health Ministry website was replaced with an image from Lapsus $ Group claiming that the ministry would have to contact hackers to restore the data that the group had stolen, copied and removed from their networks.

ZDNet reports that Lapsus $ Group pointed to the ConnectSUS app that Brazilians can use to “view their medical history,” according to a translated version of the app website, including “vaccinations administered, COVID-19 laboratory tests performed, hospitalizations, medications dispensed” and other data.

Deputy Health Minister Rodrigo Cruz confirmed that the ministry was trying to restore its network, Reuters reportsand was unable to access the COVID-19 vaccine data. The Ministry of Health website and the ConnectSUS web application are not available at the time of writing.

But the ministry tweeted on December 12 that “the process of retrieving the records of Brazilians vaccinated against Covid-19 was completed, without loss of information”, and said that “all data was successfully recovered.” So far he has not shared details on how the data was recovered.

“For the moment”, the Ministry of Health saying in a follow-up tweet, “the department is working to reestablish vaccination registration and certificate issuance systems as quickly as possible.”

Still, the temporary loss of access to this data led Brazil to delay a policy that would have required unvaccinated travelers to be tested for COVID-19 and self-quarantined for five days after entering the country. That policy was supposed to go into effect on December 11; It has been delayed until December 18.

Leave a Comment