Cyber Incident Victim: Instituto Nacional de Vigilancia de Medicamentos y Alimentos
Date:
Feb 2022
Location:
Colombia
Summary
The Instituto Nacional de Vigilancia de Medicamentos y Alimentos (INVIMA) experienced a cyberattack targeting its technological infrastructure, causing a complete disruption of online services and forcing the agency to disable its web portal and disconnect physical and virtual servers. While INVIMA assured users that data confidentiality remained protected through collaboration with cybersecurity response teams, the incident paralyzed critical operations, preventing businesses from processing essential permits and certifications for food and medicine exports. Users expressed widespread frustration over the inability to conduct time-sensitive transactions, with some questioning the integrity of sensitive information despite official reassurances. The agency advised stakeholders to disregard communications from its official domain during the outage and directed them to temporary external email channels for urgent requests.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 6, 2022, at 00:47, Colombia’s National Institute for Food and Drug Surveillance (INVIMA) experienced a cyberattack that disrupted its entire technological platform. The attack rendered the institute’s website and services inaccessible, affecting critical operations related to the legalization of imported food and medicines, approval of domestically manufactured products, and commercial certifications. INVIMA initially downplayed the incident in a February 8 statement, attributing the outage to unspecified “technical failures” in its web server. By February 9, however, the agency confirmed the cyberattack in a second communication, revealing the full scope of the disruption. In response, INVIMA disabled its web portal (invima.gov.co) and disconnected all physical and virtual servers to protect user data and system integrity. The institute asserted that Colombia’s Computer Security Incident Response Team (CSIRT) was assisting with containment and that implemented security measures safeguarded confidential information, though it provided no technical evidence to support this claim.
The prolonged outage paralyzed essential services, stranding businesses, port operators, and academic researchers reliant on INVIMA’s digital platforms for certifications, export inspections, and regulatory submissions. Colombian business leaders, including National Business Association (ANDI) president Bruce Mac Master, urged suspension of time-sensitive procedures that could not be completed due to the disruption. Social media users reported widespread operational paralysis, with exporters at the Port of Buenaventura facing potential shipping delays and financial losses due to inaccessible inspection certificates. Public distrust escalated, with stakeholders questioning INVIMA’s transparency regarding data security—particularly concerning protected pharmaceutical formulas—and criticizing its reliance on non-official Gmail accounts ([email protected], [email protected]) for emergency communications. The institute advised users to disregard all emails sent from its domain after February 6 and promised temporary alternative solutions while restoring systems. Media speculation about Russian state involvement emerged but remained unconfirmed by official sources.