Cyber Incident Victim: Grupo Hospitalar Vida

On or around March 10, 2023, the Brazilian healthcare provider Grupo Hospitalar Vida suffered a cyberattack attributed to the LockBit ransomware group. The attack rendered the hospital system’s website inaccessible as of the publication date of March 11, 2023, disrupting online services and public information access. LockBit, a ransomware-as-a-service operation, claimed responsibility for the breach, despite its repeated public statements claiming to prohibit affiliates from targeting hospitals. Grupo Hospitalar Vida operates multiple facilities, including a maternity hospital, though the attack’s full operational impact—such as disruptions to patient care, medical records, or internal communications—was not detailed in available reports. No explicit ransom demands, data exfiltration claims, or decryption negotiations were disclosed at the time of reporting. The hospital system’s response measures, if any, remained unspecified beyond the observed website downtime.

This incident followed LockBit’s pattern of targeting healthcare providers despite its past assertions to the contrary. Months earlier, LockBit had publicly apologized for an attack on Canada’s SickKids Hospital, providing a decryption key and claiming the affiliate responsible had violated its policies. However, security analysts widely dismissed this as a public relations maneuver, noting LockBit’s continued targeting of healthcare entities, including Grupo Hospitalar Vida. The absence of immediate restorative actions, such as website recovery or patient service updates, suggested prolonged disruption to Grupo Hospitalar Vida’s digital infrastructure. No evidence indicated data theft or leaks from the Brazilian attack, contrasting with typical LockBit operations involving double extortion tactics. The group’s actions against hospitals in multiple countries underscored vulnerabilities in healthcare sector cybersecurity defenses globally.