Cyber Attack Exposes Data of 500,000 Patients in Brazil's Health Sector

Cyber Attack Exposes Data of 500,000 Patients in Brazil's Health Sector

First seen 9 Jul 2026, 07:59 UTC oglobo.globo.comwww.tnh1.com.br 81% similarity 58.5

Article Content

Browse articles
ThreatCluster

A cyber attack on the Instituto Saúde e Cidadania (Isac) has compromised the data of approximately 500,000 patients across six Brazilian states, including sensitive information of children and the elderly. The attack, identified as ransomware, occurred in 2025 and has led to an investigation by the Agência Nacional de Proteção de Dados (ANPD) for potential violations of the Lei Geral de Proteção de Dados (LGPD). Affected data includes personal identification and health records, such as medical histories and diagnoses. The Isac claims no significant data leakage occurred and that systems were restored without loss, but the ANPD has raised concerns over inadequate security measures and insufficient communication with affected individuals. The investigation is ongoing, with no penalties imposed as of now.

Key Points: • A ransomware attack compromised data of 500,000 patients managed by Isac. • The ANPD is investigating Isac for potential violations of data protection laws. • Isac claims no significant data was leaked, but the ANPD disputes this assertion.

ThreatCluster AI

Timeline

2025-01-01
Ransomware attack on Isac
A ransomware attack occurred, affecting data of approximately 500,000 patients across multiple states.
Article 1
2026-07-08
ANPD initiates investigation
The ANPD opened a Process Administrative Sancionador to investigate Isac for data protection failures.
Article 2
2026-07-09
Public disclosure of data breach
Isac publicly acknowledged the data breach and stated it is taking measures to mitigate impacts.
Article 1

Community

Browse all →