Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the alleged leak of a database from Conasems (Conselho Nacional de Secretarias Municipais de Saúde), Brazil’s National Council of Municipal Health Secretariats.
This claim, if true, represents a critical, active data breach at the heart of Brazil’s public health system (SUS). My analysis confirms Conasems is a high-level political body that represents all municipal health departments in the country.
The breach, attributed to the user @888 and dated November 2025 (the current month), is considered highly credible. The actor @888 is a known, sophisticated data broker responsible for other major Brazilian breaches in 2025, including the 248,000-record leak from CIEE in July.
This incident is not isolated; it is the latest in a catastrophic, ongoing cyber crisis in Brazil’s public health sector.
- In September 2025, the KillSec ransomware group attacked MedicSolution, a healthcare IT supply chain provider, leaking 34GB of sensitive patient lab results and X-rays.
- In January 2025, the National Health Foundation suffered a 90GB data breach.
This new Conasems leak of 68,000 unique users is exceptionally severe because it includes the CPF (Cadastro de Pessoas Físicas), Brazil’s national individual taxpayer registry number (equivalent to a US Social Security number). The exposure of CPFs alongside names, emails, and roles provides a complete toolkit for mass identity theft and financial fraud.
Key Cybersecurity Insights
This alleged data breach presents a critical and immediate threat:
- High-Value PII Exposure: The leak includes critical personal identifiers such as CPF (Brazilian individual taxpayer registry number) alongside full names and email addresses, creating significant risk for identity theft, fraud, and targeted social engineering attacks.
- Public Health Sector Vulnerability: The incident underscores the persistent targeting of public health organizations, which store extensive sensitive personal data, making them prime targets for cybercriminals seeking valuable PII. This aligns with the 3,000%+ rise in cyberattacks against Brazil’s public sector since 2021.
- Potential for Widespread Impact: As Conasems represents municipal health secretariats, the exposed data could have ripple effects across Brazil’s public health system, potentially compromising individuals and associated entities beyond direct Conasems users.
- Persistent Threat of Static Data: The exposure of static PII like CPF and full names means this data can be leveraged for various malicious purposes for an extended period, irrespective of the exact breach date.
Mitigation Strategies
In response to this systemic threat, organizations must take immediate and decisive action under Brazil’s LGPD (General Data Protection Law):
- Strengthen Access Controls and MFA: Implement and enforce multi-factor authentication (MFA) for all user accounts, particularly those accessing sensitive systems, to prevent account takeover from leaked credentials.
- Data Protection and Encryption: Adopt robust data minimization policies to reduce the volume of sensitive data stored, and ensure all critical PII, including CPF numbers, is encrypted both at rest and in transit.
- Targeted User Awareness Training: Conduct ongoing, focused cybersecurity training for all personnel, emphasizing risks like phishing, social engineering, and the secure handling of sensitive personal and health information.
- Identity Theft Monitoring for Affected Individuals: Advise or provide identity theft protection and monitoring services to all potentially affected users, especially those whose CPF numbers have been compromised, to detect and respond to fraudulent activities promptly.
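One way to apply the data-minimization advice to CPFs specifically, as an added example that is not part of the original post: a scrubber that finds checksum-valid CPFs in log or export text and replaces them with a keyed HMAC token, so records stay joinable without the raw number being stored. The function names, sample lines and key handling are assumptions for illustration; the check-digit rule is the standard CPF mod-11 scheme.

```python
import hashlib
import hmac
import re

# Formatted (123.456.789-09) or bare 11-digit candidates, not part of a longer number.
CPF_RE = re.compile(r"(?<!\d)\d{3}\.?\d{3}\.?\d{3}-?\d{2}(?!\d)")

SAMPLE_LOG = (  # constructed lines, not real data
    "user=ana cpf=529.982.247-25 action=login\n"
    "order=52998224726 status=ok\n"
)


def _check_digit(digits: str) -> int:
    """Mod-11 check digit over `digits`, with weights descending to 2."""
    weights = range(len(digits) + 1, 1, -1)
    total = sum(int(d) * w for d, w in zip(digits, weights))
    return (total * 10) % 11 % 10


def is_valid_cpf(cpf: str) -> bool:
    digits = re.sub(r"\D", "", cpf)
    if len(digits) != 11 or digits == digits[0] * 11:
        return False  # wrong length, or a repeated digit (rejected by convention)
    return (_check_digit(digits[:9]) == int(digits[9])
            and _check_digit(digits[:10]) == int(digits[10]))


def pseudonymize(cpf: str, key: bytes) -> str:
    """Keyed token; an unkeyed hash of a CPF is trivially brute-forced."""
    digits = re.sub(r"\D", "", cpf)
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()[:16]


def redact(text: str, key: bytes) -> tuple[str, int]:
    """Replace every checksum-valid CPF in `text`; return (clean_text, hits)."""
    hits = 0

    def _sub(m: re.Match) -> str:
        nonlocal hits
        if not is_valid_cpf(m.group(0)):
            return m.group(0)  # look-alike number, e.g. an order id
        hits += 1
        return f"<cpf:{pseudonymize(m.group(0), key)}>"

    return CPF_RE.sub(_sub, text), hits
```

In a real deployment the HMAC key would come from a secrets manager and be rotated under the organization's own key policy; the hit count can feed an alert when CPFs appear in a data flow that should not carry them.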
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com