Netcrook


Ransomware & Extortion

Brazil’s Health Data Breach: Ransomware Pirates Strike at the Heart of Public Care

Millions of Brazilian medical records now hang in the balance after a cyber gang claims a massive data heist from the nation’s primary health system.

Fast Facts

  • Ransomware group Nova claims to have stolen 100GB of SQL files from Brazil’s Primary Health Care system.
  • Attackers allege access to over 50 million patient records, including sensitive data.
  • Targeted system is run by the Brazilian Ministry of Health, impacting nationwide public healthcare.
  • The breach was publicly disclosed on December 4, 2025, by ransomware.live.
  • Nova is demanding contact from authorities, threatening to leak data if ignored.

A Digital Heist in Brazil’s Medical Core

Picture a pirate ship, not on the high seas, but sailing through digital currents straight into Brazil’s healthcare stronghold. On December 4, 2025, the ransomware gang known as Nova surfaced with a chilling claim: they had breached the nation’s “Atenção Primária à Saúde” (Primary Health Care) system, exfiltrating a staggering 100 gigabytes of SQL database files. These files, the backbone of medical records, reportedly contain the personal and health information of millions, potentially over 50 million Brazilians.

The attackers didn’t just grab a handful of documents. In their own words, they siphoned “millions of patient records” from both on-premise systems and cloud backups. Nova’s message was clear: unless the authorities make contact, they’ll begin leaking samples of the stolen data, ramping up the pressure on Brazil’s Ministry of Health.

Not the First, Nor the Last: A Pattern of Healthcare Attacks

This breach is the latest in a disturbing trend. Over the past five years, global healthcare systems have become a favorite target for cybercriminals. In 2021, Ireland’s Health Service Executive was crippled by Conti ransomware, while in 2022, Costa Rica’s social security system suffered a similar fate. These attacks exploit the criticality of health data: hospitals cannot afford downtime, and patient data is a goldmine for identity theft, blackmail, and fraud.

Brazil itself is no stranger to cyber threats. In 2021, the Ministry of Health experienced a major ransomware incident, temporarily knocking out the COVID-19 vaccination platform. The latest Nova attack, however, threatens a broader swath of the population and underscores persistent weaknesses in digital defenses.

The Anatomy of a Modern Ransomware Hit

At the core of the Nova operation lies SQL database exfiltration, a technical term for siphoning the structured data that powers websites and apps. Imagine draining a city’s water reservoir instead of just stealing a few buckets. By targeting SQL files, Nova may have obtained names, medical histories, national IDs, and contact details, leaving millions vulnerable to scams or worse.

The attackers’ demand for negotiation before releasing data follows the classic ransomware playbook: maximize fear, pressure, and potential pay-off. While the full extent of the breach remains unverified, cybersecurity researchers warn that even partial leaks could trigger a cascade of privacy violations, regulatory fines, and erosion of public trust.

The digital pirates have struck at the heart of Brazilian healthcare, leaving millions anxiously awaiting the fallout. As the world grows more connected, the stakes for defending our most sensitive data have never been higher, and the consequences of failure ever more dire.

WIKICROOK

  • Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
  • SQL Database: An SQL database is a structured collection of data, organized in tables, that allows fast searching, analysis, and secure storage of sensitive information.
  • Exfiltration: Exfiltration is the unauthorized transfer of sensitive data from a victim’s network to an external system controlled by attackers.
  • Cloud Backup: Cloud backup saves your data to remote servers online, protecting it from loss and enabling easy recovery if your device is lost or damaged.
  • Data Leak: A data leak is the unauthorized release of confidential information, often exposing sensitive data to the public or malicious actors.