Cyber Incident Victim: Unimed Brusque
Date:
Feb 2025
Location:
Brazil
Summary
Unimed Brusque experienced a cyberattack disrupting internal systems, including customer service channels, appointment scheduling, and exam authorization processes, prompting temporary reliance on WhatsApp and a toll-free number for operations. The organization confirmed its IT teams promptly contained the incident with no compromise of personal or sensitive data, implementing preventive and corrective measures while reinforcing security protocols. Full service functionality was restored following the attack, which aligns with broader targeting of healthcare entities by cybercriminals due to their operational criticality.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Unimed Brusque, a healthcare cooperative in Santa Catarina, Brazil, experienced a cyberattack during the final week of January 2025 that disrupted internal systems and patient services. The organization first publicly acknowledged technical instabilities affecting communication channels, appointment scheduling for consultations, and authorization systems for medical exams. During this initial operational disruption, Unimed Brusque implemented contingency measures by directing patients to alternative contact methods, specifically WhatsApp (47 3251 2499) and a toll-free phone line (0800 648 2500), to maintain basic service functionality. The cooperative subsequently confirmed through an official statement on its website that these technical challenges resulted from hostile cybercriminal actions by unidentified threat actors. Information technology teams promptly contained the incident, though the organization did not disclose specific technical details regarding attack vectors, malware variants, or whether additional digital environments beyond the affected patient-facing systems were compromised.
Full service restoration occurred within days of the initial disruption, with all systems returning to normal operational capacity according to the cooperative's public communication. Unimed Brusque explicitly stated that forensic investigations revealed no evidence of personal or sensitive data compromise during the breach. Immediate corrective actions included reinforcement of existing security protocols, though the organization provided no technical specifics regarding these enhancements. The incident prompted the cooperative to reaffirm its commitment to data protection standards and service quality in its public messaging, directing additional inquiries to its data protection officer via email ([email protected]). Operational impacts remained confined to temporary performance degradation in scheduling and authorization systems, without secondary disruptions to clinical care delivery or long-term service interruptions reported in available documentation.