Hackers attack the Brazilian health ministry website, delete all vaccination records

On Friday, hackers identifying themselves as “Lapsus$Group” took down several systems within Brazil’s health ministry. At this point, it looks like a ransomware attack but the possibility exists that it was, in fact, a way to destroy the government’s collection of vaccine information.

Reuters reported on the story:

Brazil's health ministry said its website was hit on Friday by a hacker attack that took several systems down, including one with information about the national immunization program and another used to issue digital vaccination certificates.


The alleged hackers, calling themselves Lapsus$ Group" posted a message on the website saying that internal data had been copied and deleted. "Contact us if you want the data back," it said, in an apparent ransomware attack.

The message, which included e-mail and Telegram contact info, had been removed by Friday afternoon, but the web page was still down, while user data in the ConectSUS app that provides Brazilians with vaccination certificates had disappeared.

ZDNet offered more detailed information about what was missing:

Websites under Brazil's Ministry of Health (MoH) have suffered a major ransomware attack that resulted in the unavailability of COVID-19 vaccination data of millions of citizens.

Following that attack that took place at around 1 am today, all of MoH's websites including ConecteSUS, which tracks the trajectory of citizens in the public healthcare system, became unavailable. This includes the COVID-19 digital vaccination certificate, which is available via the ConecteSUS app.

It gets worse:

This is not the first major security issue faced by Brazil's Ministry of Health over the last few months. In November 2020, personal and health information of more than 16 million Brazilian COVID-19 patients were leaked online after a hospital employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems on GitHub.

Less than a week later, another major security incident emerged. The personal information of more than 243 million Brazilians, including alive and deceased, was exposed online after web developers left the password for a crucial government database inside the source code of an official MoH website for at least six months.

Image: Twitter screen grab.

Because America doesn’t yet have socialized medicine, all of our health records aren’t consolidated in a single database. However, the press to federalize vaccination and require vaccine passports means that we can be virtually certain that the federal government will set up a universal database with information for all Americans. It will be a honeypot for every foreign government (China? Russia?) to attack, as well as for every hacker to hack. And does anyone really think that the federal government will be anything but inept when it comes to protecting that information? I don’t.

However, Glenn Reynolds at Instapundit, who gets a hat tip for this story, had an interesting tweet from someone in New Zealand, suggesting a possible alternative reason for the hack:

Hacking is a dangerous business. If you’re caught hacking into government systems and you’re not a transgender activist (think: the mentally disturbed and excessively stupid Bradley Manning), many years in prison are in your future. However, it’s entirely possible that the members of Anonymous Hackers are willing to take those risks to end a future of electronic vaccine passports tracking every person in America. Again, the activity is illegal and the risks are incredibly high, so I am not recommending this course of action, but it’s hard to imagine that an organization that’s dedicated to pushing back against cyber-surveillance and censorship will long be able to resist the challenge.

To comment, you can find the MeWe post for this article here.

If you experience technical problems, please write to helpdesk@americanthinker.com