Cyber Incident Victim: Conselho Regional de Farmácia do Estado de Mato Grosso do Sul
Date:
Mar 2024
Location:
Brazil
Summary
The Conselho Regional de Farmácia do Estado de Mato Grosso do Sul suffered a hacker intrusion that locked internal systems and disrupted services such as the CRF‑MS em Casa platform, though attackers did not access data and backups remained intact. The organization reported the incident to the Federal Police, activated emergency communication channels including phone, WhatsApp and email, and began restoring services from backup while keeping professionals informed of the ongoing normalization.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the week of March 1, 2024, the Conselho Regional de Farmácia de Mato Grosso do Sul (CRF-MS) detected a hacker intrusion that locked several internal systems and blocked new accesses for pharmacists in the capital and interior municipalities. The intrusion did not allow the attackers to retrieve any professional or institutional data, and the organization's backup remained intact and available for restoration. Upon discovery, CRF-MS immediately activated its internal security procedures and notified the Federal Police, filing an official occurrence report. The institute's informatics team began working on restoring the backup to bring the affected services back online as soon as possible.
The attack caused difficulties for users trying to access platforms such as “CRF-MS em Casa,” resulting in delays and instability in the provision of services across the state's 79 municipalities. To mitigate the impact on pharmacists who needed to submit documents, ask questions, or check the status of ongoing matters, CRF-MS established an emergency assistance channel operating through a fixed line and WhatsApp number (67) 3325-8090 and an email address [email protected]. Additional support lines were made available, including the management assessor at (67) 99946-3635, the ombudsman at (67) 99985-0185, technical assessor at (67) 9635-6563, and institutional assessor at (67) 99251-0791. The president of the council, Daniely Proença, also provided her personal telephone number (67) 99282-0717 for direct assistance and clarification of doubts.
Throughout the incident, CRF-MS leadership emphasized that the backup's integrity allowed for reinstallation and updates without data loss, and they communicated transparently with professionals about the temporary inconvenience. President Daniely Proença stated that the council acted immediately to protect data and administrative flows, and that it would continue investing in virtual security improvements and sharing experiences with other regional pharmacy councils to prevent similar attacks. She affirmed that the institution remains committed to strengthening its defenses and maintaining normal operations despite the criminal attempt. The council concluded that it would persist in its mission to serve the pharmacy class while reinforcing its cybersecurity posture.