Brazil Health Ministry Website Hit by Hackers, Vaccination Data Targeted

Brazil Health Ministry Website Hit by Hackers, Vaccination Data Targeted
A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Kacper Pempel/Reuters
Reuters
Updated:

BRASILIA—Brazil’s health ministry said its website was hit on Friday by a hacker attack that took several systems down, including one with information about the national immunization program and another used to issue digital vaccination certificates.

The government put off for a week implementing new health requirements for travelers arriving in Brazil due to the attack.

“The health ministry reports that in the early hours of Friday it suffered an incident that temporarily compromised some of its systems ... which are currently unavailable,” it said in a statement.

Police said they were investigating the attack.

The alleged hackers, calling themselves Lapsus$ Group posted a message on the website saying that internal data had been copied and deleted. “Contact us if you want the data back,” it said, in an apparent ransomware attack.

The message, which included e-mail and Telegram contact info, had been removed by Friday afternoon, but the web page was still down, while user data in the ConectSUS app that provides Brazilians with vaccination certificates had disappeared.

The ministry said it was working to restore its systems. At a news conference, Deputy Health Minister Rodrigo Cruz said access to the vaccination data had still not been recovered by Friday evening. Cruz said it was too early to say whether the data had been lost.

Under measures decided on Tuesday after President Jair Bolsonaro opposed the use of a vaccine passport, unvaccinated travelers arriving in Brazil will have to quarantine for five days and be tested for COVID-19.

The requirement was due to start on Saturday, but the government said that will be postponed for a week as vaccination data was not accessible online following the attack.

COVID-19 tracing forms for arriving airline passengers were still available on health regulator Anvisa’s website, which was not targeted.