Cyber Incident Victim: Unimed Cuiabá
Date:
Mar 2024
Location:
Brazil
Summary
Unimed Cuiabá suffered a cyber attack that disabled its computerized system for authorizing medical consultations, exams and hospitalizations while leaving personal and sensitive data inaccessible. Technical staff and specialized firms began immediate restoration efforts, and the cooperative ensured uninterrupted care by providing manual forms, guides and dedicated communication channels for physicians and providers to submit requests. Beneficiaries were informed through institutional outlets, and a medical audit team was deployed to maintain operational flow in its own facilities. The incident affected only the authorization system, with no data breach reported, and work continues to return the platform to normal operation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the early morning of Monday, March 18, 2024, Unimed Cuiabá experienced a cyberattack. The attack caused the temporary unavailability of the computerized system responsible for releasing medical service requests such as consultations, exams, and hospitalizations. Although the incident compromised part of the functioning of the cooperative’s technology network, the network containing personal and sensitive data was not accessed. No interruption of patient attendance was reported as a result of the system disruption. The cooperative confirmed that the attack affected only the authorization system and that its own data and client data remained secure.
Beginning in the first hours of Monday, technicians from Unimed Cuiabá together with specialists from external companies started working to restore the regular operation of the affected system. To ensure continuity of care, Unimed Cuiabá immediately made available medical guides and forms for manual completion. Beneficiaries were instructed to present a photo identification document and a valid health plan card when seeking treatment at the accredited network. Exclusive communication channels—including e‑mail, telephone, and WhatsApp—were established for doctors and provider networks to submit the manually completed records. The cooperative issued procedural guidance to its cooperated physicians and the broader provider network on how to operate under the circumstances. A medical audit team was directed to monitor and guarantee the operational flow within Unimed Cuiabá’s own hospitals and clinics. Information for beneficiaries was disseminated widely through the cooperative’s institutional website, mobile application, and various media outlets. Unimed Cuiabá emphasized that, regardless of whether attendance was recorded digitally or manually, the full scope of services promised to clients would be delivered without prejudice to assistance care. The organization reiterated that the attack did not result in any access to personal or sensitive data and remained available for doubts and clarifications while striving to bring the system back online as quickly as possible.