Cyber Incident Victim: Unimed Belem

Date: Oct 2022

Location: Brazil

Summary

A Brazilian medical cooperative was targeted in a ransomware attack by the RansomExx group, resulting in the alleged theft of 5.8 GB of data. The incident caused operational disruptions, with the organization publicly acknowledging system impacts and detailing procedural adjustments for authorization services during the outage. While the entity confirmed the cyberattack via a website notice, it did not reference any ransom demands or negotiations. This marked RansomExx's second attack on a healthcare-related entity within the same month.


Description

In October 2022, the Brazilian medical cooperative Unimed Belem experienced a cyberattack claimed by the ransomware group RansomExx. The group asserted it had exfiltrated 5.8 GB of files from the organization. This incident marked RansomExx’s second publicly disclosed attack on a healthcare entity that month, following an earlier breach at Spain’s Consorci Sanitari Integral. Unimed Belem confirmed the cyberattack through a notice on its website but did not reference a ransom demand or negotiations with the threat actors. The cooperative outlined operational disruptions caused by the incident, specifying which systems were rendered inoperative and detailing interim authorization procedures to mitigate service interruptions during the outage.

The attack disrupted Unimed Belem’s systems, necessitating public communication regarding affected operations. The organization’s website notice provided procedural guidance for authorization workflows but omitted details on data exfiltration, remediation efforts, or whether data was encrypted. RansomExx’s claim of data theft remained unverified by independent public reports at the time. DataBreaches.net attempted to contact Unimed Belem via email for additional information but received no response. The lack of disclosed ransom demands or payment status aligned with the cooperative’s silence on financial aspects of the incident. Broader contextual factors included RansomExx’s pattern of targeting healthcare organizations, as evidenced by their concurrent activities against medical entities in multiple countries.
