Ministry of Health still doesn’t know if there were data losses after hacker attack

The executive secretary of the Ministry of Health, Rodrigo Cruz, said that it is still not possible to assess whether there was data loss after the hacker attack in the early hours of Friday (10). This is still under investigation as it is a very extensive database.

“This is a question that everyone asks themselves. The Ministry itself asks this question. We are finalizing the investigations. Both we and the contracted company, which hosts the data, have a backup policy. When importing this data, some data can be corrupt. It is too early to state categorically,” he said.

The statement was given this Friday afternoon at a press conference held at the Ministry of Health.

Cruz said that what can be done to prevent a new attack will still be evaluated by the Ministry. For this, he believes it is necessary to meet with Abin and the Federal Police to improve processes within the ministry.

He said that the database dealing with the registration of vaccinations could not be re-established. There is still no deadline for this to happen.

However, it is possible to prove that you have completed the vaccination schedule using your physical card. If lost, the person can ask for a second copy at the UBS (Basic Health Unit).

In addition, there are states that have their own databases. States using the Ministry of Health database may also be experiencing instability.

The Ministry of Health also asked the Ministry of Foreign Affairs to notify all countries that receive direct flights from Brazil in order to inform them of the temporary unavailability of the system and, during this period, accept the physical card.

After the hacker attack on the Ministry of Health, the Bolsonaro government announced that it would postpone the application of the new rules for the entry of travelers to Brazil by a week. The measures would take effect this Saturday (11).

Among them are the requirement of a five-day quarantine for non-immunized persons arriving on international flights, in addition to testing carried out up to 72 hours before boarding, and the presentation of proof of vaccination or negative test at the land border.

The postponement was decided this Friday morning and is a consequence of the attack on the ministry’s systems.

“As a precaution, we are going to publish an ordinance today, postponing for seven days the beginning of the validity of the rules that are in place and would start tomorrow”, said the Executive Secretary of Health, Rodrigo Cruz.

According to him, the objective is not to harm Brazilians who are abroad and intend to return.

The measure taken to prevent the advance of the omicron variant of the new coronavirus was announced by the government this week.

Now, it will go into effect on December 18th. The ordinance with the postponement should be published, in an extra edition of the Federal Official Gazette, this Friday.

The Ministry of Health’s website went offline in the early hours of this Friday. When trying to access the portal, users found a message stating that the system data had been copied and deleted and was in the hands of the attacking group.

“Contact us if you want the data back,” the message read. Minutes later, the message disappeared, but the site remained down. Only during the afternoon of this Friday the site went online again.

The attack compromised some systems in the folder, such as e-SUS Notifica, Information System of the National Immunization Program (SI-PNI), ConectaSUS and features such as the issuance of the Covid-19 National Vaccination Certificate and the National Digital Vaccination Card .

Health minister Marcelo Queiroga said he hoped to find and “exemplify” the perpetrators of the attack. He also stated that the folder has a way to retrieve the information.

A preliminary analysis by the Federal Police found that there was no data kidnapping from the Ministry of Health in the hacker attack this Friday (10).

The main hypothesis of the authorities is that the criminal action was motivated by political activism on the internet, the so-called hacktivism. They assess whether there was any loss of information.

According to experts assigned to investigate the situation, the account used to access the ministry’s website was identified and is now being tracked.

In an official statement on the case, released this Friday afternoon, the PF informed that an inquiry was launched “to determine the authorship and materiality of the crimes of invasion of a computer device, interruption or disruption of computer, telematic or public utility information services and criminal association”.

“It was found that the Ministry of Health’s databases of systems were not encrypted by the hackers,” police said.

According to leaf he found, even though the Ministry of Health has backed up the data, it is possible that not all of them were up-to-date in the backup. So, right now, the government is doing some sort of scanning to see if any data has been lost.

Members of the Ministry of Health said the attack has not hindered the ministry’s operational work, as they do not depend on the affected systems to carry out their day-to-day work.

The “ransomware”, the type of virtual attack that would have been made on the website and platform, encrypts data and prevents it from being accessed. In this type of attack, criminals often ask for a ransom to return the data.

Column in leaf, specialist Ronaldo Lemos explains that “ransom” means kidnapping and says that the impact of this type of attack is devastating. According to him, these attacks have turned into a professionalized operation, with a 24-hour “call center” for the victim to contact criminals.

In September, a page on the website of Anvisa (National Health Surveillance Agency) was hacked. The target was the section containing the Traveler’s Health Declaration form.

The incident occurred after the agency’s decision to interrupt the soccer game for the World Cup qualifiers last Sunday (5) between Brazil and Argentina.

The form that suffered the attack is mandatory for anyone, Brazilian or not, who intends to enter the country — and it was filled in with false information by four Argentine athletes, who concealed their passage through the United Kingdom in the last 14 days.

When clicking on the page, a flag of Argentina appeared with the phrase: “We didn’t need forty (sic) to walk around your servers. Are we going to be expelled too?”.

At the beginning of November, scientific popularizer Atila Iamarino, columnist for leaf, had their personal data changed in the vaccination certificate registered in the ConectSUS account, an application administered by the Ministry of Health.

Other users also reported at the time that their accounts on the platform displayed records of exams they had not taken.

In Atila’s case, the attackers exchanged her data for personal offenses and racist content.

In a post on his Twitter profile, he says they changed his name, nationality and his mother’s name. “How do I feel with my data in the hands of whoever did this? With my son’s data there?”, he wrote.

Another report from leaf showed that the complete data of millions of Brazilians are exposed on the internet on websites that can be accessed by anyone willing to pay a monthly fee that varies around R$ 200.