The Colombian government is explaining the cyberattack it suffered this week, following significant damage to four state entities, including the Ministry of Health and the Judiciary. Government representatives have stated that 55 million records have been stolen from the Ministry of Health alone.
The company managing these portals for the state, the provider IFX, has announced that it will file a complaint with the Attorney General’s Office.
Unified Command Post to Address the Crisis
Authorities have set up a Unified Cyber Command Post (PMU Ciber) to gather details about the cyberattack that infiltrated various institutional portals earlier this week. PMU Ciber is led by the High Consultant for Digital Transformation, Saúl Kattan, the National Digital Security Committee, and the provider company IFX.
IFX Networks has contracts with 46 public entities, of which 25 have connectivity services, and 21 have data center services. The company confirmed it has implemented a contingency plan to ensure connectivity for these 25 entities, in line with the guidelines received from the Presidential Digital Transformation team.
Saúl Kattan explained that a “health crisis in the country” could be triggered, given that cybercriminals obstructed access to vital medical information for healthcare personnel. However, authorities have sought to reassure the public that efforts are underway to prevent this.
No Privacy Breaches
IFX Networks has stated that “vulnerabilities in the information, privacy, and data security hosted in the cloud have not been evident because they are protected with information security protocols.”
However, it has also been clarified that many of the affected institutions may not be able to recover the information and databases they use to serve users for a considerable amount of time.
The PMU Ciber has stated that it has received technical support from more than 30 national and international companies to address the attack and minimize its consequences.
Commitment to Service Recovery
The provider company has also committed to providing a date soon for the recovery of service for entities that are still experiencing interruptions due to the attack. IFX’s primary concern is to ensure there is no vulnerability in future operations and to safeguard the privacy of sensitive information.
In the meantime, the Ministry of Health has reported that alternative mechanisms are being developed to ensure the functionality of the sector at the national level and to minimize the impact on the affected applications.
Suspension of Judicial Deadlines until September 20
Meanwhile, the Judicial Branch has announced the temporary suspension of certain processes, considering that a short-term recovery of the affected services is not foreseen. This decision does not affect “habeas corpus” actions, tutelage actions, or the function of guarantee control.
“According to information provided by the contractor, it is not possible to restore the service immediately, and in order to ensure access and judicial administration services, due process, and other procedural guarantees, the Superior Council of the Judiciary considers it necessary to suspend judicial deadlines, except for tutelage actions, habeas corpus, and the function of guarantee control throughout the national territory,” said the sector.
The Superior Council of the Judiciary aims to minimize the consequences while normal service is being restored. In this regard, it has been announced that activities and in-person services will continue at all administrative headquarters of the Judicial Branch.