Cyber Incident Victim: Unimed do Brasil
Date: Mar 2025
Location: Brazil
Summary
Unimed do Brasil confirmed a cyber incident affecting a Kafka‑linked environment used for mobile app and chat integration between three cooperatives, limited to beneficiary‑operator communication for network searches and administrative requests. The company stated the affected system does not store sensitive data, retains no interaction history, and lacks capacity for the alleged message volume, with no evidence of sensitive data leakage so far. Investigations continue under the National Data Governance Program, while the firm reiterated its ongoing information security investments and compliance with LGPD.
Description
Early in the year, Unimed de Brusque (SC) reported being the target of a cyber attack that degraded the performance of its internal systems, including service channels, appointment scheduling, and exam authorizations. In March 2025, Unimed do Brasil identified an isolated cyber incident involving an environment linked to the Kafka platform used for data flow and internal communication. The company stated that the incident was promptly resolved and that, to date, there is no evidence of any leakage of sensitive data belonging to customers, cooperative member physicians, or health professionals. The affected system is an integration between the mobile application and a chat service used by three cooperatives exclusively for communication between beneficiaries and the operator, limited to searching the accredited network and making administrative requests. Unimed emphasized that this chat environment does not store sensitive data, does not maintain a history of interactions, and lacks the capacity to support the volume of messages alleged in media reports. Consequently, the operator contested press claims of a supposed leak of medical conversations, noting that the disclosed volume and nature of the messages are inconsistent with the capabilities of the affected environment. Investigations into the incident remain ongoing.

Unimed affirmed that it continues to follow the National Data Protection and Privacy Governance Program and to reinforce its continuous investments in information security. As part of this commitment, the company raises cybersecurity standards across all cooperatives, ensures compliance with the LGPD and international best practices, maintains continuous monitoring and rapid response to incidents, and partners with strategic technology providers that are global leaders in security and digital infrastructure solutions. The operator stated that every situation is analyzed with technical rigor and institutional responsibility, reflecting its dedication to health and to protecting the right to privacy of beneficiaries, cooperative member physicians, employees, and partners. Unimed noted that, although the incident was isolated and does not reflect on the broader system composed of 340 medical cooperatives and independent companies, it remains vigilant in safeguarding its digital environment.

Regarding impacts, Unimed reported that there is no evidence of sensitive data leakage and that the affected environment neither stores patient information nor retains interaction histories. The earlier Brusque attack had disrupted service channels, appointment scheduling, and exam authorizations, while the March 2025 incident was promptly contained without affecting those services. The company maintains transparency in its communications, reiterating its commitment to societal trust and to upholding the highest standards of security and digital governance.
