Cyber Incident Victim: Pontifícia Universidade Católica do Paraná
Date:
Mar 2022
Location:
Brazil
Summary
A ransomware attack attributed to the Hive group disrupted operations at a Brazilian education and healthcare organization, impacting five of its eight institutions. Systems including administrative platforms, virtual learning environments, and parking access controls were rendered inaccessible, affecting approximately 2,000 computers and 400 servers across multiple locations. While websites and internal networks remained offline, in-person classes continued normally across affiliated schools and universities, and hospitals maintained patient care without interruption to treatments or medication administration. The organization confirmed temporary unavailability of operational systems as a security measure and initiated recovery procedures to restore services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around March 15, 2022, the Grupo Marista do Paraná—a Brazilian organization operating eight educational and healthcare institutions primarily in Paraná state—experienced a disruptive cyber incident attributed to the Hive ransomware group. The attack rendered five institutional websites inaccessible, including those of Pontifícia Universidade Católica do Paraná (PUCPR), Hospital Marcelino Champagnat, Organização Marista, Escola Champagnat, and Marista Escolas Sociais. Operational disruptions extended beyond website outages: PUCPR students reported failures in parking gate systems, inability to access administrative platforms, and outages affecting the Ambiente Virtual de Aprendizagem (AVA), the university’s virtual learning environment. Infrastructure impacts were significant, with approximately 2,000 computers and 400 servers across PUCPR’s Curitiba and Londrina campuses compromised. Healthcare services at Hospital Universitário Cajuru and Hospital Marcelino Champagnat faced operational challenges, though patient care continued without reported interruptions to medication administration or critical treatments.
Grupo Marista confirmed the incident in a March 19, 2022, statement, citing temporary unavailability of operational systems and network access as a security precaution. The organization stated it implemented preventive procedures immediately upon detecting the incident, with technical teams working to restore services. Despite systemic disruptions, in-person classes at PUCPR and affiliated institutions (Colégios Maristas, Marista Escolas Sociais, Escolas Champagnat) proceeded normally, as did online courses delivered through alternative virtual learning platforms. Hospitals maintained routine patient care workflows using manual or contingency protocols. No ransomware payment details, data exfiltration claims, or specific recovery timelines were disclosed in available sources. The incident coincided with reports of PUCPR’s planned collaboration with EC-Council to develop cybersecurity courses, though no direct connection between this initiative and the attack was substantiated.