Websites under Brazil’s Ministry of Health (MoH) have suffered a major ransomware attack that resulted in the unavailability of COVID-19 vaccination data of millions of citizens.

Following that attack that took place at around 1 am today, all of MoH’s websites including ConecteSUS, which tracks the trajectory of citizens in the public healthcare system, became unavailable. This includes the COVID-19 digital vaccination certificate, which is available via the ConecteSUS app.

According to a message left by the Lapsus$ Group, which has claimed responsibility for the attack, some 50 TB worth of data has been extracted from the MoH’s systems and subsequently deleted. “Contact us if you want the data returned”, the message said, alongside contact details for the authors of the attack. 

Just before 7 am, the images with the message left by the hackers were removed, but the websites remained unavailable.

Black image with text in white and red left by hackers in relating to the Brazilian Ministry of Health hack

The image left by the hackers claiming the Ministry of Health attack

Contacted by ZDNet about the measures in place to mitigate the attack and reestablish the systems, and whether there are backups for the data allegedly stolen from its systems, the Ministry of Health has not returned requests for comment at the time of writing.

The incident follows a previous attack on the Brazilian Health Regulatory Agency (Anvisa) in September. The attack was focused on the healthcare declaration for travelers, compulsory for individuals entering Brazil via airports.

The attack took place soon after the cancellation of the World Cup qualifier match between Brazil and Argentina, whereby Anvisa interrupted the game after four Argentinian players were accused of breaking COVID-19 travel protocols.

Similarly, the latest issue faced by the Ministry of Health occurs amid increasing pressure on the Brazilian government to demand COVID-19 vaccination certificates from international travelers coming to Brazil, as a response to the rise of the omicron variant.

This is not the first major security issue faced by Brazil’s Ministry of Health over the last few months. In November 2020, personal and health information of more than 16 million Brazilian COVID-19 patients were leaked online after a hospital employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems on GitHub.

Less than a week later, another major security incident emerged. The personal information of more than 243 million Brazilians, including alive and deceased, was exposed online after web developers left the password for a crucial government database inside the source code of an official MoH website for at least six months.