FONASA

FONASA, operating as Chile's National Health Fund, is a public entity headquartered in Chile that administers the nation's health fund system. It manages health benefits and services for Chilean residents, maintaining extensive beneficiary information that includes personal details such as names, addresses, and cities. The organization processes healthcare payments and oversees documentation related to medical visits, as indicated by the types of data involved in a security incident. It also maintains internal employee records containing identification numbers and signatures, reflecting a structured workforce. By handling sensitive personal and medical data, FONASA occupies a central role in Chile's public health infrastructure as the national institution responsible for health coverage. Its operations inherently involve the custody of detailed health-related information for the population it serves, though specific metrics regarding enrollment or financial scope are not provided in the available information. Structurally, it functions as a government-funded body without indicated subsidiaries or parent companies, focusing exclusively on its mandate within the Chilean health sector.

In February 2023, FONASA experienced a ransomware attack attributed to the BlackCat group, which claimed responsibility and disclosed compromised data. The breach exposed beneficiary correspondence containing personal details and employee records, including identification numbers and signatures. Attackers provided evidence to investigators, such as visit reports and healthcare payment documentation, demonstrating the depth of accessed information. This incident confirmed that FONASA stores and processes sensitive health and personal data on a significant scale. The attackers stated they received no response from the entity and threatened further public disclosure, while national cybersecurity authorities acknowledged the event without issuing subsequent updates. The event highlights FONASA's critical function in managing voluminous personal and medical records for Chile's population and the associated risks of cyber threats to such data-intensive public health operations. The exposure of payment documents and signatures further illustrates the organization's involvement in financial and administrative processes within the healthcare system. This breach stands as a notable episode underscoring the cybersecurity challenges faced by national health institutions entrusted with sensitive citizen information.