In an interview with CNN, Renato Opice Blum, a lawyer specializing in Data Protection, Information Security, Intellectual Property, explained that several types of sanctions will be applied after the hacker attack on the Ministry of Health this Friday (10).
According to Blum, this type of attack has increased, even with the General Data Protection Act (LGPD) and new security practices.
“Sometimes, some basic oversights end up explaining this kind of circumstance, which is not expected when it comes to sensitive data. This can happen due to lack of computer update, easy or generic password or someone who fell into a malicious link, among other circumstances.”
He explained that, in an attack of this proportion, a multidisciplinary team is called to investigate the event and recover the system.
Blum said that among the possible sanctions applied are financial (which does not apply to government entities) and suspension of the processing of some data temporarily.
In the case of an outsourced company, it can be fined with a fine that can reach R$50 million or 2% of sales, whichever is smaller.
See the full interview in the video above.
Cyber attack
In the early hours of Friday (10), the Ministry of Health website was attacked by hackers. According to the Federal Police, the data on the site was not encrypted, but the Covid-19 case notification systems of the National Immunization Program (PNI) and ConectSUS were compromised.
CNN obtained first-hand the official notice from the Federal Police.
Ransomware attack
Before the Ministry of Health website (www.saude.gov.br) went down, a message from the group that allegedly committed the crime was displayed. The Lapsus$ Group, which claimed responsibility for the cyberattack, says 50 terabytes of information has been removed from the system and is in the group’s possession. “Contact us if you want data feedback”.
The attack took place around 1:00 in the morning. About two hours later, the message went offline and the site has been unavailable for access since.
The portal suffered a “ransomware”, attack characterized by a system shutdown followed by a ransom demand for release. Given the situation, stricken companies and agencies must make the difficult decision whether or not to pay hackers to remove the interruption.
Quarantine for unvaccinated people delayed by one week
After the cyber attack, the executive secretary of the Ministry of Health, Rodrigo Cruz, said that the five-day quarantine for travelers not vaccinated against Covid-19, which would be established from this Saturday (11), was postponed to the day December 18th.
“The Ministry is structuring some actions that will be taken due to the unavailability, in particular, of the vaccine system”, said the executive secretary.
“But a decision I can anticipate. I was at the Civil House, and we are going to postpone the validity of the ordinance that deals with borders. In particular, those items that talk about the presentation of the vaccination certificate, or, otherwise, compliance with the quarantine”, he added.
*With information from Douglas Porto, Henrique Andrade, Giovanna Galvani and Gabrielle Varela, from CNN
Reference: CNN Brasil
%20Luca%20Delpia%20-%20Archivio%20della%20Fondazione%20I%20Teatri%20Reggio%20Emilia%201071%20b%20(002).jpg "The CCCP on stage in Legnano for the last call: “If you weren’t there, we would not be here”")
