Unimed Belém Brazil Databreach Leaked Online 2022.
Unimed is the largest cooperative in the health area around the world and also the largest medical assistance network in Brazil, present in 83% of the national territory.
The System was born with the foundation of Unimed Santos (SP) by Dr. Edmundo Castilho, in 1967, and today it is composed of 368 medical cooperatives, which provide assistance to more than 19 million clients and 73 thousand companies throughout the country.
Unimed customers have more than 110 thousand doctors, 3,244 accredited hospitals, in addition to emergency services, laboratories, ambulances and own and accredited hospitals to guarantee quality in the medical, hospital and complementary diagnosis assistance offered.
The biggest and best health plan in the country.
Ransomware:
Unimed Belem's system was hacked by Ransomexx2 ransomware group on the 11th of October and it seems Unimed has decided not to pay the ransom, because the group has posted all data online for anyone to download on their Dark Web page.
Data was published on Ransomexx2 leak site: 2022-10-18 and has already had over 25,000 visitors.
Leak size: 5.76GB Password protected zip archive, divided into 12 parts of 500MB.
The leaked data contains RG ( SSN), CPF, Carteria de Identificação ( ID-card ), CPNJ, social status, home addresses, e-mails and more of the doctors and nurses working at Unimed Belem, plus signed contracts of service and maintenance between the different businesses and the hospital up until 2022.
There are also other signed contracts for maintenance of the different parts of the hospital and for the creation of their website, which specifically requested the portal to be written in the Java language 2009.
The total price for this service according to a leaked document from 2009 was $65,400,00 Reais.
Financial information, like salaries, paid taxes, invoices for technical support, Serasa etc, in the leak ranges from 2003 - 2022.
Doctors working at Unimed are listed with complete name, numbers and their area of speciality 2021.
ID's are included in the leak, this is an example:
Patients names, addresses, e-mails, phone numbers, even cellphones, status and treatments are all included in the leak.
There is also a list of high-spenders consisting of over 300+ patients.
Even small childrens documents, like birth certificates, ID's and treatments are included in this leak.
What the LGPD Brazilian law - "Lei Geral de Proteção de Dados Pessoais" says.
"The penalties for failure to protect personal data are steep. For each infraction, an organization ( business ) may have to pay a fine of up to 2% of its revenues in Brazil for the prior fiscal year, or up to 50 million Brazilian Reals. That is almost $10 million US Dollars."
"Data controllers must self-report security incidents within a “reasonable” period of time, both to data subjects ( citizens ) and the Brazilian National Data Protection Authority (ANPD)."
Lei Geral de Proteção de Dados Pessoais.
This law was due to take effect in September 2020, but on June 10, 2020, President Bolsonaro signed Law 14,010, which delayed the LGPD administrative sanctions provisions from taking effect until August 1, 2021.
First published 2022-11-10
- Title: Unimed Belém Brazil Databreach Leaked Online 2022
- Posted by:
- Date: 4:43 AM
- Tags: Data BreachesBrazil
