CSIDB logo

Advanced Search

Log in Sign up
Menu
Browse

Cyber Incident Victim: Instituto de Salud Pública de Chile

Date:

Jun 2025

Location:

Chile

Summary

The Instituto de Salud Pública de Chile experienced a cyberattack disrupting key digital systems and paralyzing platforms essential for customs processes. Immediate incident response protocols were activated, involving the National Cybersecurity Agency and law enforcement for containment and investigation. While no evidence of data exfiltration was found, the attack halted sanitary certificate issuance, causing critical logistical disruptions for imports like medicines and medical devices. Customs implemented exceptional authorization measures to mitigate trade impacts. Essential functions such as sample reception continued via alternative channels. The incident prompted political concern and demands for clarity regarding potential data vulnerabilities.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 0 motives 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On June 27, 2025, the Instituto de Salud Pública de Chile (ISPCH) detected a cybersecurity incident that disrupted its digital systems, prompting immediate activation of its incident response protocol. The organization contacted Chile's National Cybersecurity Agency (ANCI) that same day, with ANCI personnel arriving onsite to coordinate containment measures. ISPCH simultaneously filed a formal complaint with the Public Ministry, initiating a criminal investigation supported by Chile's Investigative Police (PDI). Preventive server reviews commenced immediately after detection, conducted jointly with ANCI specialists. While institutional telephones and email systems remained operational, critical digital platforms became unavailable, including systems processing sanitary certificates required for customs clearance of regulated products like medicines, cosmetics, and medical devices. This disruption created significant logistical challenges for import/export operations despite no evidence emerging of actual data exfiltration or sensitive information exposure during the initial response phase.

Cyber Incident Image

The technical containment strategy involved deliberate server deactivation to prevent potential data exposure, maintaining only minimal emergency operations through alternative channels for essential services like sample reception and urgent case management. By July 10, ISPCH convened meetings with regulated industry representatives and its Civil Society Council to coordinate contingency measures, while internally prioritizing critical workflows including transplant-related processes, quality control exemptions, and product registrations. Customs authorities implemented temporary resolutions allowing exceptional authorization procedures without standard certificates, requiring specific disclaimers in declarations and post-contingency regularization plans. Institutional communications migrated to a new web domain (www.ispch.gob.cl) with restored functionalities for the Integrated Citizen Information and Service System (SIAC-OIRS), though several systems remained offline with "coming soon" status indicators as of July 14. Political reactions included parliamentary members declaring a "red alert" over the incident, demanding full transparency regarding attack scope and criticizing institutional cybersecurity preparedness despite ISPCH's maintained operational continuity in public health functions throughout the disruption.

Sources
Sources available to members
2 sources