Hacker attacks on health websites in Brazil show the importance of data security in all areas

An alleged hacker attack took down ConecteSUS, the official application that stores proofs of vaccination in the country, and the Ministry of Health's website

Dec 14, 2021

The importance of protecting data and systems from hacker attacks becomes more and more relevant every day. According to data from Cybersecurity Ventures and Risk-Based Security, every 14 seconds a company is the victim of a ransomware attack. In one of these intervals, last week, the victims were the website and application ConnectSUS and the official page of the Ministry of Health in Brazil. Without a doubt, this new attack makes the list of the most significant ransomware attacks of 2021, and systems are yet to be fully restored in Latin America's biggest country. 

Brazil's federal government confirmed that it "has suffered an incident" that compromised some of its health systems. In addition, the Health Ministry said that it has called on the country's Security Office and the Federal Police to support the investigations.

In a sequence of events typical of this type of attack, anyone accessing the official website of the Brazilian Health Ministry would encounter a "ransomware alert." A group known as the "Lapsus$ Group" claimed responsibility for the attack, declared it "copied and deleted" 50TB of data and left a Telegram and email for contact. In this type of event, the criminal group hijacks the information and demands a ransom payment to get it out. And the criminals are getting better at the process, which has become an industry worldwide, affecting companies and governments globally.

Even days after the incident, systems remained unstable, with reports in the Brazilian press of real problems for the millions of people who depend on the tools affected. Moreover, as we posted this text, some essential tools to fight the pandemic in a country that was once the epicentre of it are still offline, such as the application that stores proofs of vaccination, ConnectSUS, even as the authorities state they have recovered all the lost data.

The Importance of Security and Encryption

In cases like this, two questions become essential: how did criminals gain access to the systems and whether the information collected was encrypted. Regarding access, there are many ways in which hackers break into a system, but most of the time, the answer is human error.

Many people are surprised to find that implementing and maintaining data security can start by adopting simple methods, such as using complex, unique passwords and multiple authentications. One of the biggest ransomware attacks of the year, against the US company Colonial Pipeline, happened precisely because hackers managed to infiltrate internal servers using a compromised username and password. In addition, there are several more advanced data security tools that businesses need to adopt, especially in a world where even governments are not immune from attacks.

Without a doubt, it is imperative that companies and governments work with the possibility that, even using advanced tactics, their systems can be invaded. Therefore, data protection through encryption tools becomes even more relevant. In the most recent Brazilian case, it is still unknown if the hackers actually had access to the information. Still, the concern is even greater because it is absolutely sensitive data of millions of people - their health data, personal information, and vaccination status.

Companies and governments need to work with encrypted data and use the latest technology for encryption. Schemes known as "searchable symmetric encryption" are designed for security and with a technical environment, as the daily need for access and management that a Ministry of Health has, especially in times of pandemic, in mind. "Ultimately, these schemes allow that even if a cloud service is hacked, the data is encrypted. Individuals or companies are the only ones who have the private key to unlock this data", explains the advisor and co-founder of the Vaultree, Kevin Curran.

"Keeping the data encrypted in clouds, but still with the possibility of searching and working with them, is a way to avoid future leaks", adds the security specialist.