The website of Ministry of Health was invaded at dawn this Friday, 10, and went off the air. Platforms such as the Coronavirus Panel, the e-SUS Notifica, the National Immunization Program Information System (SI-PNI) and the Connect SUS, which displays vaccination data against covid-19, were also hit. The Lapsus$ Group claimed responsibility for the cyber attack.

In a statement, the folder informed that DataSUS “is acting with maximum agility for the reestablishment of platforms”. He also said that he called on the Institutional Security Office (GSI) and the Federal Police to assist in the investigations.

When trying to access the folder’s portal, users encountered the message: “The systems’ internal data has been copied and deleted. 50 TB (Terabyte) of data is (sic) in our hands.” The message, at dawn, was unavailable, but the platforms remained down.

At the top of the page is a warning of “ransomware” (software intentionally designed to harm a server). In other words, it is having access restriction to the system, infected with a kind of blockage. In addition, those responsible ask for a contact to be made through a Telegram account or e-mail, “if they want the data to be returned”.

On social networks, there are several reports of people concerned about the disappearance of their data in Conecta SUS. When trying to log into the application, users were faced with an error message and were unable to access the covid-19 vaccination data, as the platform is responsible for issuing the immunization certificate.

Currently, the document is required to have access to various places in Brazil, such as concerts, football matches and restaurants, in addition to being mandatory for trips abroad.

The federal government begins requesting this Saturday, 11, proof of vaccination for the entry of international travelers into the country. It is still not known how the current failure can affect the charge. Jair Bolsonaro’s administration, however, had already opened a loophole so that those who do not have a vaccination passport can carry out a five-day quarantine on national soil.

ConnectSUS down! I can’t log in and the data about the vaccines are gone and look at the Ministry of Health website as it is Pictures of @j birth pic.twitter.com/fpLh6ue7J2 — Matheus Almeida #PFF2 (@Mathevinicius1) December 10, 2021

While the national system is down, those vaccinated in the city of São Paulo can resort to the Platform for Health in São Paulo (e-saúdeSP). Among other features, the application brings the user’s immunization data.

DataSUS, which stands for Department of Informatics of the Unified Health System, encourages and evaluates actions to computerize the SUS. In addition, it is responsible for defining how the capture and transfer of health information is carried out, with the objective of integrating databases and implemented systems.

According to the department’s website, in 25 years of operation, it has already developed more than 200 systems for the folder. With servers installed in two safe rooms, in Brasília and in Rio de Janeiro, it claims to be able to “store information on the health of the entire Brazilian population”.

The Coronavirus Panel, on the other hand, maps the disease in the country. With data on cases and deaths, it shows the evolution of the virus in the country.

past attacks

This year alone, the folder’s systems have already suffered two other attacks. In both, attackers criticized the security of the agency’s data.

In late January, a hacker broke into the Ministry of Health’s systems, but there was no information leak, just harsh criticism of the platform. “THIS SITE IS A GARBAGE!”, stated the message, written in capital letters, which was visible on FormSUS – a DataSUS service that gathers information from patients in the public health network.

A few weeks later, in February, a similar invasion occurred on FormSUS. “Fix this dirty site or the next time you’ll leak the data of those responsible for this crap,” said the message left by the attacker.

At the end of 2020, with the Superior Court of Justice (STJ) and the Superior Electoral Court (TSE), the folder had systems attacked by the Portuguese hacker group CyberTeam. At the time, there was also a loss in the disclosure of data about covid.

Leaks

The year 2020 was also marked by the identification of at least three information leaks from the folder. In these cases, human and governance failures were pointed out, not cyber attacks.

In June, the non-governmental organization Open Knowledge Brasil (OKBR) identified a vulnerability in accessing the covid case notification system which made it possible to access data from patients undergoing disease testing. In the complaint, to which the state had access, the entity reported that the problem was in the improper exposure of login and password to access a shared folder where there were reports with data from the e-SUS Notifica system, which receives notifications of light and moderate cases of covid.

In November of last year, the problem was repeated. About 16 million Brazilians who had a suspected or confirmed diagnosis were left with personal and medical data exposed on the internet for almost a month because of a system password leak. The data was opened after an employee at the Hospital Albert Einstein released a list of users and passwords that gave access to the databases.

Next month, a new security hole in the covid notifications system has been found.. For at least six months, the personal data of more than 200 million Brazilians were exposed. Once again, the problem was caused by improper exposure of login and password access to the system that stores the registration data of all Brazilians at the Ministry of Health.